diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php
index e2ff9935585d7..57f24b67a4c10 100644
--- a/htdocs/contact/class/contact.class.php
+++ b/htdocs/contact/class/contact.class.php
@@ -999,7 +999,7 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro
$sql .= " c.priv, c.note_private, c.note_public, c.default_lang, c.canvas,";
$sql .= " c.fk_prospectlevel, c.fk_stcommcontact, st.libelle as stcomm, st.picto as stcomm_picto,";
$sql .= " c.import_key,";
- $sql .= " c.datec as date_creation, c.tms as date_modification,";
+ $sql .= " c.datec as date_creation, c.tms as date_modification, c.fk_user_creat, c.fk_user_modif,";
$sql .= " co.label as country, co.code as country_code,";
$sql .= " d.nom as state, d.code_departement as state_code,";
$sql .= " u.rowid as user_id, u.login as user_login,";
@@ -1053,6 +1053,8 @@ public function fetch($id, $user = null, $ref_ext = '', $email = '', $loadalsoro
$this->date_creation = $this->db->jdate($obj->date_creation);
$this->date_modification = $this->db->jdate($obj->date_modification);
+ $this->user_creation_id = $obj->fk_user_creat;
+ $this->user_modification_id = $obj->fk_user_modif;
$this->state_id = $obj->state_id;
$this->state_code = $obj->state_code;
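Review bot: The two added assignments store the raw column values, so `user_creation_id` and `user_modification_id` hold whatever the driver returns (typically a string, or null when no creator was recorded) while the other hunks of this commit compare them against `(int) $user->id`; casting at the point of assignment, `$this->user_creation_id = (int) $obj->fk_user_creat;` and likewise for `fk_user_modif`, keeps those comparisons type-safe (if a null must stay distinguishable from user 0, guard the cast with a null check instead). The SELECT extension in the previous hunk is fine as is. fetch() continues outside both hunks.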
diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php
index 7ee04c0b2d82c..b9be887b2edfe 100644
--- a/htdocs/core/boxes/box_contacts.php
+++ b/htdocs/core/boxes/box_contacts.php
@@ -105,6 +105,7 @@ public function loadBox($max = 5)
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
+ $sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
// Add where from hooks
$parameters = array('socid' => $user->socid, 'boxcode' => $this->boxcode);
$reshook = $hookmanager->executeHooks('printFieldListWhere', $parameters, $contactstatic); // Note that $action and $object may have been modified by hook
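Review bot: The private-contact predicate appended just before the hook call, `((sp.fk_user_creat = <id> AND sp.priv = 1) OR sp.priv = 0)`, is hand-written identically here, in selectcontacts() in html.form.class.php and in societe/index.php, and the same rule is re-expressed in PHP in societe/contact.php; a single helper (for instance a static method on Contact that returns the SQL fragment for a given table alias) would keep the visibility rule from drifting between the lists and the delete check. Rows whose `priv` is NULL match neither branch and silently disappear from all three lists — presumably the column is NOT NULL with a default, but worth confirming before relying on it. loadBox() continues outside the hunk.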
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 99e94aec30623..d70703a50fc3d 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1752,7 +1752,7 @@ public function select_thirdparty_list($selected = '', $htmlname = 'socid', $fil
*/
public function selectcontacts($socid, $selected = array(), $htmlname = 'contactid', $showempty = 0, $exclude = '', $limitto = '', $showfunction = 0, $morecss = '', $options_only = 0, $showsoc = 0, $forcecombo = 0, $events = array(), $moreparam = '', $htmlid = '', $multiple = false, $disableifempty = 0, $filter = '')
{
- global $conf, $langs, $hookmanager, $action;
+ global $conf, $user, $langs, $hookmanager, $action;
$langs->load('companies');
@@ -1812,6 +1812,7 @@ public function selectcontacts($socid, $selected = array(), $htmlname = 'contact
$sql .= " LEFT OUTER JOIN " . $this->db->prefix() . "societe as s ON s.rowid=sp.fk_soc";
}
$sql .= " WHERE sp.entity IN (" . getEntity('contact') . ")";
+ $sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
if ($socid > 0 || $socid == -1) {
$sql .= " AND sp.fk_soc = " . ((int) $socid);
}
diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index acedf4e2fbd25..6a696ab26deae 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1667,7 +1667,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl
// Delete
if ($user->hasRight('societe', 'contact', 'delete')) {
- print '';
+ print '';
print img_delete();
print '';
}
diff --git a/htdocs/societe/contact.php b/htdocs/societe/contact.php
index 893f21db32944..c499fad5ae988 100644
--- a/htdocs/societe/contact.php
+++ b/htdocs/societe/contact.php
@@ -138,30 +138,22 @@
if ($action == 'confirm_delete' && $user->hasRight('societe', 'contact', 'delete')) {
$id = GETPOST('id', 'int');
if (!empty($id) && $socid > 0) {
- $db->begin();
-
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople_extrafields";
- $sql .= " WHERE fk_object = ".((int) $socid);
- $sql .= " AND fk_object IN (SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople as sp WHERE sp.rowid = ".((int) $socid);
- $sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0))";
-
- $result1 = $db->query($sql);
-
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."socpeople";
- $sql .= " WHERE fk_soc = ".((int) $socid);
- $sql .= " AND rowid = ".((int) $id);
- $sql .= " AND ((fk_user_creat = ".((int) $user->id)." AND priv = 1) OR priv = 0)";
-
- $result2 = $db->query($sql);
-
- if (!$result1 || !$result2) {
- setEventMessages($db->lasterror(), null, 'errors');
- $db->rollback();
+ $contact = new Contact($db);
+ $ret = $contact->fetch($id);
+ if ($ret > 0) {
+ if ($contact->priv == 0 || ($contact->user_modification_id == ((int) $user->id) && $contact->priv == 1)) {
+ $contact->oldcopy = clone $contact; // @phan-suppress-current-line PhanTypeMismatchProperty
+ $result = $contact->delete($user);
+ if ($result > 0) {
+ setEventMessages('RecordDeleted', null, 'mesgs');
+ header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
+ exit();
+ } else {
+ setEventMessages($contact->error, $contact->errors, 'errors');
+ }
+ }
} else {
- $db->commit();
- setEventMessages('RecordDeleted', null, 'mesgs');
- header("Location: ".$_SERVER['PHP_SELF']."?id=".$socid);
- exit();
+ setEventMessages($contact->error, $contact->errors, 'errors');
}
}
}
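Review bot: The authorization check added on the new side compares `$contact->user_modification_id` to the current user, but the rule everywhere else in this commit (and in the removed SQL) is ownership by creator, `fk_user_creat`; as written, the last editor of a private contact can delete it and its creator cannot once someone else has modified it, so the check should read `$contact->user_creation_id`. The removed query also required `fk_soc = $socid`, while the new path deletes any contact id whose fetch succeeds regardless of the thirdparty in the URL, and a private contact the user does not own falls through the inner `if` with no message at all. Using strict comparisons with explicit casts avoids the loose `==` on values that fetch() assigns uncast. The rewrite below keeps the delete/redirect branch unchanged; `$contact->socid` is assumed to carry the fk_soc value set by fetch() — confirm against Contact::fetch.
```php
$contact = new Contact($db);
$ret = $contact->fetch($id);
if ($ret > 0) {
    $ownsPrivateContact = ((int) $contact->priv === 1 && (int) $contact->user_creation_id === (int) $user->id);
    if ((int) $contact->socid === (int) $socid && ((int) $contact->priv === 0 || $ownsPrivateContact)) {
        // … unchanged: oldcopy, $contact->delete($user), success redirect / error message …
    } else {
        setEventMessages('NotEnoughPermissions', null, 'errors');
    }
} else {
    setEventMessages($contact->error, $contact->errors, 'errors');
}
```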
diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php
index 83089a617ff12..e1b6c0503471c 100644
--- a/htdocs/societe/index.php
+++ b/htdocs/societe/index.php
@@ -422,7 +422,8 @@
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
-$sql .= ' WHERE s.entity IN ('.getEntity('societe').') AND sp.fk_soc = s.rowid';
+$sql .= " WHERE s.entity IN (".getEntity('societe').") AND sp.fk_soc = s.rowid";
+$sql .= " AND ((sp.fk_user_creat = ".((int) $user->id)." AND sp.priv = 1) OR sp.priv = 0)"; // check if this is a private contact
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}