Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External users cannot see projects #10789

Closed
jriboux opened this issue Mar 10, 2019 · 11 comments · May be fixed by #30301
Closed

External users cannot see projects #10789

jriboux opened this issue Mar 10, 2019 · 11 comments · May be fixed by #30301
Labels
Bug This is a bug (something does not work as expected) Works for me / Can't reproduce It seems not possible to reproduce the bug.

Comments

@jriboux
Copy link

jriboux commented Mar 10, 2019

Bug

External users cannot see or access projects when assigned as contact.

Environment

  • Version: [9.0.1]
  • PHP: [7.0]

Expected and actual behavior

External users should see projects they are assigned as contact

Steps to reproduce the behavior

  • Create a contact
  • Create an external user for this contact
  • Create a project
  • Assign contact on project

Fix ?

It seems to be an error in htdocs/projet/class/project.class.php lines 1239 & 1247.
$sql.= " AND ec.fk_socpeople = ".$user->id.")";
Maybe use $user->contactid instead ?
fk_socpeople seems to be sometime a user id and sometime a contact id, this can lead to security issues.

The line 701 in htdocs/projet/list.php prevents the project list to be shown.
@eldy
Copy link
Member

eldy commented Aug 1, 2019

By definition, an external user can see only elements of its thirdparties.
Does the project you try to read have a thirdparty that is the thirdparty of the external user ?

@eldy eldy added the Works for me / Can't reproduce It seems not possible to reproduce the bug. label Aug 1, 2019
@ukb-33
Copy link

ukb-33 commented Jan 5, 2020

Got same problem here with a quite fresh 10.0.0.4 install.
Tested a couple of differents config in terms of rights, and found that the first "Lire les projets et tâches (partagés ou dont vous n'êtes pas contact)" seems to be not enough event in these situation:

  • external user UA, linked to company CA
  • project P, created by Admin, for third party CA
  • UA is mentionned as responsible for project P and associated tasks.

When UA connects, she can't see project where she is named as contact.

@ukb-33
Copy link

ukb-33 commented Jan 5, 2020

Environment information are mentionned in #12798

@dpriskorn dpriskorn added the Bug This is a bug (something does not work as expected) label Aug 7, 2020
@ksar-ksar
Copy link
Contributor

Have you tested with latest dolibarr version ?

@ksar-ksar
Copy link
Contributor

Hello,

You can re-open the issue if it is still a BUG

@Dominatorr007
Copy link

yes in version 13.4 this bug still persists please fix

@wolfcreative
Copy link

14.0.5, the bug is still present
@eldy, can you tell me how to fix this?

@rycks rycks mentioned this issue May 10, 2022
Closed
@rycks
Copy link
Contributor

rycks commented May 10, 2022

Here is the race condition @eldy :

image

image

Then in this case we can't filter only on "internal" ctc.source ...

@denisb79
Copy link

Has someone solved the issue?
I have version 15 installed and our external users can't see the progress of their projects.
Thank you so much

@Xenion1987
Copy link

15.0.3 still not solved

FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 5, 2024
@FlorentPoinsaut
FIX Dolibarr#10789 External users cannot see projects
82d3134
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 5, 2024
@FlorentPoinsaut
FIX Dolibarr#10789 External users cannot see projects
057c273
@FlorentPoinsaut FlorentPoinsaut mentioned this issue Jul 5, 2024
Open
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 11, 2024
@FlorentPoinsaut
Add a warning if we add a contact that has a user Dolibarr#10789
efd2635
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 11, 2024
@FlorentPoinsaut
Lint Dolibarr#10789
9174181
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 11, 2024
@FlorentPoinsaut
Lint Dolibarr#10789
23fc9d9
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 12, 2024
@FlorentPoinsaut
Fix indent Dolibarr#10789
c825d76
FlorentPoinsaut added a commit to solution-libre/dolibarr that referenced this issue Jul 12, 2024
@FlorentPoinsaut
Fix indent Dolibarr#10789
38b2da8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug This is a bug (something does not work as expected) Works for me / Can't reproduce It seems not possible to reproduce the bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

FIX #10789 Add a warning if we add a contact that has a user solution-libre/dolibarr
11 participants
@eldy @rycks @jriboux @wolfcreative @ksar-ksar @Xenion1987 @denisb79 @ukb-33 @dpriskorn @Dominatorr007 and others