From 941972f8ae8b5350d202d150e2619c2974454bf6 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 14 Oct 2024 08:56:08 +0200
Subject: [PATCH] FIX missing private contact checking
---
 htdocs/core/boxes/box_contacts.php | 1 +
 htdocs/societe/index.php | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php
index 7ee04c0b2d82c..b9be887b2edfe 100644
--- a/htdocs/core/boxes/box_contacts.php
+++ b/htdocs/core/boxes/box_contacts.php
@@ -105,6 +105,7 @@ public function loadBox($max = 5)
 if (!$user->hasRight('societe', 'client', 'voir')) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
+ $sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
 // Add where from hooks
 $parameters = array('socid' => $user->socid, 'boxcode' => $this->boxcode);
 $reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $contactstatic); // Note that $action and $object may have been modified by hook
diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php
index 83089a617ff12..e1b6c0503471c 100644
--- a/htdocs/societe/index.php
+++ b/htdocs/societe/index.php
@@ -422,7 +422,8 @@
 if (!$user->hasRight('societe', 'client', 'voir')) {
 $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 }
-$sql .= ' WHERE s.entity IN ('.getEntity('societe').') AND sp.fk_soc = s.rowid';
+$sql .= " WHERE s.entity IN (".getEntity('societe').") AND sp.fk_soc = s.rowid";
+$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
 if (!$user->hasRight('societe', 'client', 'voir')) {
 $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
 }
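Review bot: The private-contact predicate added after the `hasRight('societe', 'client', 'voir')` block in box_contacts.php is the same literal string that the second hunk adds in htdocs/societe/index.php, and a visibility rule that has to be pasted into every query on the contacts table is easy to leave out of the next one, which is the gap this commit closes. Building the clause in one shared place and calling it from each query would make a missing filter much easier to spot in review; where that helper lives is the project's choice. The trailing comment also understates what the line does, since it restricts rows rather than checking one; `// private contacts (priv = 1) are visible only to the user who created them` states the rule. loadBox() starts and ends outside the hunk, and the SQL returned by the `printFieldListWhere` hook is applied after this line, so how it combines with the new clause cannot be judged from here.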
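Review bot: The rewrite of the `WHERE s.entity IN (...)` line from single to double quotes in htdocs/societe/index.php changes no behaviour and is unrelated to the fix; for an access-control fix that may be backported, keeping the hunk to the one added `AND ((sp.fk_user_creat = ...` line makes it easier to audit and cherry-pick. Separately, the new predicate returns a private row only to the user stored in `fk_user_creat`, so a row with `priv = 1` and an empty creator column would be listed for nobody here. That fails closed, which is the safe direction, but it deserves a word in the comment, e.g. `// private contacts are listed only for their creator; priv = 1 with no creator stays hidden`. This is top-level script code, and the statements that finish and execute the query are outside the hunk.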