From f7adbfef1663dfdfc8b923c69d260662685d2e5f Mon Sep 17 00:00:00 2001
From: amarchal <antonin@letempledujeu.fr>
Date: Fri, 25 Nov 2022 22:33:34 +0100
Subject: [PATCH] block visibility to private contact (thirdparty list / card)

---
 htdocs/contact/card.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php
index 8e9c6f2a321..84a84321a52 100644
--- a/htdocs/contact/card.php
+++ b/htdocs/contact/card.php
@@ -86,6 +86,7 @@ $hookmanager->initHooks(array('contactcard', 'globalcard'));
 
 if ($id > 0) {
 	$object->fetch($id);
+	$object->info($id);
 }
 
 if (!($object->id > 0) && $action == 'view') {
@@ -101,6 +102,9 @@ $permissiontoadd = $user->rights->societe->contact->creer;
 if ($user->socid) {
 	$socid = $user->socid;
 }
+if($object->priv && $object->user_creation->id != $user->id){
+	accessforbidden();
+}
 $result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission