Skip to content

Commit

Permalink
FIX missing private contact checking
Browse files Browse the repository at this point in the history
  • Loading branch information
hregis committed Oct 14, 2024
1 parent e54b911 commit 941972f
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions htdocs/core/boxes/box_contacts.php
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ public function loadBox($max = 5)
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
// Add where from hooks
$parameters = array('socid' => $user->socid, 'boxcode' => $this->boxcode);
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $contactstatic); // Note that $action and $object may have been modified by hook
Expand Down
3 changes: 2 additions & 1 deletion htdocs/societe/index.php
Original file line number Diff line number Diff line change
Expand Up @@ -422,7 +422,8 @@
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ' WHERE s.entity IN ('.getEntity('societe').') AND sp.fk_soc = s.rowid';
$sql .= " WHERE s.entity IN (".getEntity('societe').") AND sp.fk_soc = s.rowid";
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
Expand Down

0 comments on commit 941972f

Please sign in to comment.