Fix: [ bug #1079 ] External users can't access projects even if it is a

contact.
Dolibarr · Dec 1, 2013 · cbf1dda · cbf1dda
1 parent 833fb1a
commit cbf1dda
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 8 deletions.
diff --git a/htdocs/install/mysql/data/llx_c_type_contact.sql b/htdocs/install/mysql/data/llx_c_type_contact.sql
@@ -70,12 +70,14 @@ insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) v
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (143,'order_supplier','external', 'CUSTOMER',      'Contact fournisseur suivi commande', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (145,'order_supplier','external', 'SHIPPING',      'Contact fournisseur livraison commande', 1);
 
+-- All project code must start with 'PROJECT'
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (160, 'project',  'internal', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project',  'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project',  'internal', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (170, 'project',  'external', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project',  'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project',  'external', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);
 
+-- All task code must start with 'TASK'
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (180, 'project_task',  'internal', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task',  'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task',  'internal', 'TASKCONTRIBUTOR', 'Intervenant', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (190, 'project_task',  'external', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task',  'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task',  'external', 'TASKCONTRIBUTOR', 'Intervenant', 1);
diff --git a/htdocs/install/mysql/migration/3.4.0-3.5.0.sql b/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
@@ -20,6 +20,10 @@
 
 DELETE FROM llx_menu where module='holiday';
 
+ALTER TABLE llx_c_type_contact MODIFY COLUMN code varchar(32) NOT NULL;
+UPDATE llx_c_type_contact set code = 'PROJECTCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project';
+UPDATE llx_c_type_contact set code = 'TASKCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project_task';
+
 insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,localtax1,localtax1_type,note,active) values (143, 14,'5','0','9.975','1','TPS and TVQ rate',1);
 
 -- Fix bad migration of 3.4 that make this text instead of varchar(50)

diff --git a/htdocs/install/mysql/tables/llx_c_type_contact.sql b/htdocs/install/mysql/tables/llx_c_type_contact.sql
@@ -31,7 +31,7 @@ create table llx_c_type_contact
   rowid      	integer     PRIMARY KEY,
   element       varchar(30) NOT NULL,
   source        varchar(8)  DEFAULT 'external' NOT NULL,
-  code          varchar(16) NOT NULL,
+  code          varchar(32) NOT NULL,
   libelle 	    varchar(64)	NOT NULL,
   active  	    tinyint DEFAULT 1  NOT NULL,
   module        varchar(32) NULL

diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
@@ -844,7 +844,7 @@ function restrictedProjectArea($user, $mode='read')
             $userAccess = 1;
         }
         else
-        {
+		{
             foreach (array('internal', 'external') as $source)
             {
                 $userRole = $this->liste_contact(4, $source);
@@ -853,7 +853,7 @@ function restrictedProjectArea($user, $mode='read')
                 $nblinks = 0;
                 while ($nblinks < $num)
                 {
-                    if ($source == 'internal' && preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
+                    if ($source == 'internal' && preg_match('/^PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
                     {
                         if ($mode == 'read'   && $user->rights->projet->lire)      $userAccess++;
                         if ($mode == 'write'  && $user->rights->projet->creer)     $userAccess++;

diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php
@@ -100,10 +100,11 @@
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
 
-$var=true;
+dol_syslog("list allowed project sql=".$sql);
 $resql = $db->query($sql);
 if ($resql)
 {
+	$var=true;
 	$num = $db->num_rows($resql);
 	$i = 0;