The Project module includes a Record Rule that does exactly that for Tasks, "
Tasks According to User and Project":
['|',('user_id','=',False),('user_id','=',user.id)]
You just need to create an identical Record Rule (menu Settings » Security » Record Rules) on object Project.
