FIX uniformize and check delete contact action

hregis · Oct 14, 2024 · c8ed671 · c8ed671
1 parent 24722c1
commit c8ed671
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 26 deletions.
diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
@@ -999,7 +999,7 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro
 		$sql .= " c.priv, c.note_private, c.note_public, c.default_lang, c.canvas,";
 		$sql .= " c.fk_prospectlevel, c.fk_stcommcontact, st.libelle as stcomm, st.picto as stcomm_picto,";
 		$sql .= " c.import_key,";
-		$sql .= " c.datec as date_creation, c.tms as date_modification,";
+		$sql .= " c.datec as date_creation, c.tms as date_modification, c.fk_user_creat, c_fk_user_modif";
 		$sql .= " co.label as country, co.code as country_code,";
 		$sql .= " d.nom as state, d.code_departement as state_code,";
 		$sql .= " u.rowid as user_id, u.login as user_login,";
@@ -1053,6 +1053,8 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro
 
 				$this->date_creation     = $this->db->jdate($obj->date_creation);
 				$this->date_modification = $this->db->jdate($obj->date_modification);
+				$this->user_creation_id     = $obj->fk_user_creat;
+				$this->user_modification_id = $obj->fk_user_modif;
 
 				$this->state_id		= $obj->state_id;
 				$this->state_code	= $obj->state_code;

diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
@@ -1667,7 +1667,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl
 
 				// Delete
 				if ($user->hasRight('societe', 'contact', 'delete')) {
-					print '<a class="marginleftonly right" href="'.DOL_URL_ROOT.'/societe/contact.php?action=delete&token='.newToken().'&id='.$obj->rowid.'&socid='.urlencode($obj->fk_soc).'">';
+					print '<a class="marginleftonly right" href="'.DOL_URL_ROOT.'/societe/contact.php?action=delete&token='.newToken().'&id='.$obj->rowid.'&socid='.$object->id.'&backtopage='.urlencode($backtopage).'">';
 					print img_delete();
 					print '</a>';
 				}

diff --git a/htdocs/societe/contact.php b/htdocs/societe/contact.php
@@ -138,30 +138,17 @@
 if ($action == 'confirm_delete' && $user->hasRight('societe', 'contact', 'delete')) {
 	$id = GETPOST('id', 'int');
 	if (!empty($id) && $socid > 0) {
-		$db->begin();
-
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople_extrafields";
-		$sql .= " WHERE fk_object = ".((int) $socid);
-		$sql .= " AND fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople as sp WHERE sp.rowid = ".((int) $socid);
-		$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0))";
-
-		$result1 = $db->query($sql);
-
-		$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople";
-		$sql .= " WHERE fk_soc = ".((int) $socid);
-		$sql .= " AND rowid = ".((int) $id);
-		$sql .= " AND ((fk_user_creat = ".((int) $user->id)." AND priv = 1) OR priv = 0)";
-
-		$result2 = $db->query($sql);
-
-		if (!$result1 || !$result2) {
-			setEventMessages($db->lasterror(), null, 'errors');
-			$db->rollback();
-		} else {
-			$db->commit();
-			setEventMessages('RecordDeleted', null, 'mesgs');
-			header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
-			exit();
+		$contact = new Contact($db);
+		$ret = $contact->fetch($id);
+		if ($ret > 0) {
+			if ($contact->priv == 0  || ($contact->user_modification_id == ((int) $user->id) && $contact->priv == 1)) {
+				$result = $contact->delete($user);
+				if ($result > 0) {
+					setEventMessages('RecordDeleted', null, 'mesgs');
+					header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
+					exit();
+				}
+			}
 		}
 	}
 }