Ajax contacts - Enforce client access restrictions when getting client contacts

2025-05-11 12:01:23 +01:00 · 2025-05-11 12:01:23 +01:00 · d5536e78f4
parent 908738b7ca
commit d5536e78f4
1 changed files with 2 additions and 0 deletions
--- a/ajax.php
+++ b/ajax.php
@ -316,7 +316,9 @@ if (isset($_GET['get_client_contacts'])) {
    $contact_sql = mysqli_query(
        $mysqli,
        "SELECT contact_id, contact_name, contact_primary, contact_important, contact_technical FROM contacts
+        LEFT JOIN clients on contact_client_id = client_id
        WHERE contacts.contact_archived_at IS NULL AND contact_client_id = $client_id
+        $access_permission_query
        ORDER BY contact_primary DESC, contact_technical DESC, contact_important DESC, contact_name"
    );