

FIX uniformize and check delete contact action (#31384)
* FIX uniformize and check delete contact action

* FIX syntax error

* FIX missing private contact checking

* FIX missing show errors

* FIX missing "oldcopy" for trigger

* FIX missing private contact filter in selectcontact
hregis authored Oct 14, 2024
1 parent f4a76e5 commit 7b81ccc
Showing 6 changed files with 24 additions and 27 deletions.
4 changes: 3 additions & 1 deletion htdocs/contact/class/contact.class.php
Expand Up @@ -999,7 +999,7 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro
$sql .= " c.priv, c.note_private, c.note_public, c.default_lang, c.canvas,";
$sql .= " c.fk_prospectlevel, c.fk_stcommcontact, st.libelle as stcomm, st.picto as stcomm_picto,";
$sql .= " c.import_key,";
$sql .= " c.datec as date_creation, c.tms as date_modification,";
$sql .= " c.datec as date_creation, c.tms as date_modification, c.fk_user_creat, c.fk_user_modif,";
$sql .= " co.label as country, co.code as country_code,";
$sql .= " d.nom as state, d.code_departement as state_code,";
$sql .= " u.rowid as user_id, u.login as user_login,";
Expand Down Expand Up @@ -1053,6 +1053,8 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro

$this->date_creation = $this->db->jdate($obj->date_creation);
$this->date_modification = $this->db->jdate($obj->date_modification);
$this->user_creation_id = $obj->fk_user_creat;
$this->user_modification_id = $obj->fk_user_modif;

$this->state_id = $obj->state_id;
$this->state_code = $obj->state_code;
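Review bot: The two assignments added in the second hunk store the raw column values, so `user_creation_id` and `user_modification_id` hold whatever the driver returns (presumably a string, or null for legacy rows), while the checks this commit builds on them elsewhere compare against `(int) $user->id`. Casting at the source, `$this->user_creation_id = (int) $obj->fk_user_creat;` and `$this->user_modification_id = (int) $obj->fk_user_modif;`, keeps those comparisons safe if any caller later switches to `===`. fetch() starts and ends outside both hunks.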
1 change: 1 addition & 0 deletions htdocs/core/boxes/box_contacts.php
Expand Up @@ -105,6 +105,7 @@ public function loadBox($max = 5)
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
// Add where from hooks
$parameters = array('socid' => $user->socid, 'boxcode' => $this->boxcode);
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $contactstatic); // Note that $action and $object may have been modified by hook
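Review bot: The private-contact predicate added just before the hooks block is repeated verbatim in html.form.class.php (selectcontacts) and societe/index.php, and societe/contact.php expresses the same rule against a different column, so the visibility rule already has two shapes in this one commit. A small shared helper that takes the table alias and the user id and returns `" AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"` would keep the rule in one place for all four sites. The trailing comment says what is being tested rather than what the filter does; `// hide private contacts (priv = 1) created by other users` is more useful to the next reader. loadBox continues outside the hunk.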
3 changes: 2 additions & 1 deletion htdocs/core/class/html.form.class.php
Expand Up @@ -1752,7 +1752,7 @@ public function select_thirdparty_list($selected = '', $htmlname = 'socid', $fil
*/
public function selectcontacts($socid, $selected = array(), $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $options_only = 0, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0, $filter = '')
{
global $conf, $langs, $hookmanager, $action;
global $conf, $user, $langs, $hookmanager, $action;

$langs->load('companies');

Expand Down Expand Up @@ -1812,6 +1812,7 @@ public function selectcontacts($socid, $selected = array(), $htmlname = 'contact
$sql .= " LEFT OUTER JOIN " . $this->db->prefix() . "societe as s ON s.rowid=sp.fk_soc";
}
$sql .= " WHERE sp.entity IN (" . getEntity('contact') . ")";
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
if ($socid > 0 || $socid == -1) {
$sql .= " AND sp.fk_soc = " . ((int) $socid);
}
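Review bot: The docblock that closes at the top of the first hunk does not mention that selectcontacts now filters by the current user: private contacts (priv = 1) created by someone else are silently dropped from every list this helper renders, which is a behaviour change for all callers. A line such as `Private contacts (priv = 1) are only listed when created by the current user.` belongs in that docblock. The method now also reads the global `$user` and dereferences `$user->id` unconditionally, so a call from a context with no logged-in user would fail there (I cannot see every caller, so this may be theoretical). selectcontacts starts before the first hunk and ends after the second.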
2 changes: 1 addition & 1 deletion htdocs/core/lib/company.lib.php
Expand Up @@ -1667,7 +1667,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl

// Delete
if ($user->hasRight('societe', 'contact', 'delete')) {
print '<a class="marginleftonly right" href="'.DOL_URL_ROOT.'/societe/contact.php?action=delete&token='.newToken().'&id='.$obj->rowid.'&socid='.urlencode($obj->fk_soc).'">';
print '<a class="marginleftonly right" href="'.DOL_URL_ROOT.'/societe/contact.php?action=delete&token='.newToken().'&id='.$obj->rowid.'&socid='.$object->id.'&backtopage='.urlencode($backtopage).'">';
print img_delete();
print '</a>';
}
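Review bot: The rewritten delete link drops the `urlencode()` the old line applied to the socid and places `$obj->rowid` and `$object->id` in the query string uncast, while every other hunk in this commit casts ids with `(int)` before use; `'&id='.((int) $obj->rowid).'&socid='.((int) $object->id).'&backtopage='.urlencode($backtopage)` keeps the URL well-formed and consistent. The link carries a token from newToken(), which the delete handler in societe/contact.php presumably verifies before acting (the check is not visible in this diff). show_contacts starts and ends outside the hunk.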
38 changes: 15 additions & 23 deletions htdocs/societe/contact.php
Expand Up @@ -138,30 +138,22 @@
if ($action == 'confirm_delete' && $user->hasRight('societe', 'contact', 'delete')) {
$id = GETPOST('id', 'int');
if (!empty($id) && $socid > 0) {
$db->begin();

$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople_extrafields";
$sql .= " WHERE fk_object = ".((int) $socid);
$sql .= " AND fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople as sp WHERE sp.rowid = ".((int) $socid);
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0))";

$result1 = $db->query($sql);

$sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople";
$sql .= " WHERE fk_soc = ".((int) $socid);
$sql .= " AND rowid = ".((int) $id);
$sql .= " AND ((fk_user_creat = ".((int) $user->id)." AND priv = 1) OR priv = 0)";

$result2 = $db->query($sql);

if (!$result1 || !$result2) {
setEventMessages($db->lasterror(), null, 'errors');
$db->rollback();
$contact = new Contact($db);
$ret = $contact->fetch($id);
if ($ret > 0) {
if ($contact->priv == 0 || ($contact->user_modification_id == ((int) $user->id) && $contact->priv == 1)) {
$contact->oldcopy = clone $contact; // @phan-suppress-current-line PhanTypeMismatchProperty
$result = $contact->delete($user);
if ($result > 0) {
setEventMessages('RecordDeleted', null, 'mesgs');
header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
exit();
} else {
setEventMessages($contact->error, $contact->errors, 'errors');
}
}
} else {
$db->commit();
setEventMessages('RecordDeleted', null, 'mesgs');
header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
exit();
setEventMessages($contact->error, $contact->errors, 'errors');
}
}
}
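Review bot: The ownership test `if ($contact->priv == 0 || ($contact->user_modification_id == ((int) $user->id) && $contact->priv == 1))` keys on the last modifier, while the removed SQL and every filter added elsewhere in this commit (box_contacts.php, html.form.class.php, societe/index.php) key on the creator, `fk_user_creat`; as written, a private contact created by another user but last edited by the current one becomes deletable here, and the creator is refused once someone else edits it. The new path also no longer checks that the fetched contact belongs to `$socid` (the old DELETE carried `fk_soc = socid`), and when the privacy check fails the user gets no message at all. Suggested condition: `if ($contact->socid == $socid && ($contact->priv == 0 || ($contact->priv == 1 && $contact->user_creation_id == $user->id)))`, followed by an `else { setEventMessages('NotEnoughPermissions', null, 'errors'); }` (the property fetch() fills from fk_soc and the translation key are to be confirmed against the class). The whole confirm_delete block sits inside the hunk.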
3 changes: 2 additions & 1 deletion htdocs/societe/index.php
Expand Up @@ -422,7 +422,8 @@
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ' WHERE s.entity IN ('.getEntity('societe').') AND sp.fk_soc = s.rowid';
$sql .= " WHERE s.entity IN (".getEntity('societe').") AND sp.fk_soc = s.rowid";
$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
