OK, well, I wouldn't really try to write my own logic to decode access rights (like you have in your attached code); that could be your problem?
The view that the application uses to decide if a user has access to a project can be found by examining what SQL code the @WHERE:SECURITY:PROJECT:i.id@ NSQL construct gets converted to. So if you preview an NSQL query with that construct in, it gets 'turned into' the following SQL:
i.id in ( select object_instance_id from odfsec_project_v2 where user_id = ??? )
(??? being the executing user's id)
So you can just use that same odfsec_project_v2 view in your query (just join to it using the appropriate columns) and security is implemented!
--
Other "security constructs" are available in NSQL; for example, here's an old thread that talks about following the logic down to underlying tables for resource security: Adding protlet security NSQL
(and also if you are just looking for specific access rights rather than "any access to this object")
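
An added example (not part of the original post) of the approach described above: the same access filter written as the `IN` form the construct expands to, as a plain join, and as a de-duplicated join, run against an in-memory SQLite stand-in. Only `odfsec_project_v2`, `object_instance_id`, `user_id` and the alias `i` come from the post; the `projects` table, the sample rows and the assumption that the view can return more than one row per user and project are constructed for illustration, and the view is modelled here as a plain table.

```python
import sqlite3

def build_demo_db():
    """Constructed stand-in schema; only the view and its two column names are from the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT);  -- hypothetical table
        -- the real object is a view; a table with the same columns stands in for it
        CREATE TABLE odfsec_project_v2 (user_id INTEGER, object_instance_id INTEGER);
        INSERT INTO projects VALUES (1, 'Alpha'), (2, 'Beta'), (3, 'Gamma');
        -- assumption: user 10 reaches project 1 through two separate grants (two rows)
        INSERT INTO odfsec_project_v2 VALUES (10, 1), (10, 1), (10, 2), (20, 3);
    """)
    return db

# Same shape as the SQL the NSQL security construct is converted to (a semi-join).
IN_FORM = """
    SELECT i.id, i.name FROM projects i
    WHERE i.id IN (SELECT object_instance_id FROM odfsec_project_v2 WHERE user_id = ?)
    ORDER BY i.id"""

# Plain join to the security view: filters correctly, but repeats a project
# once per matching row in the view.
JOIN_FORM = """
    SELECT i.id, i.name FROM projects i
    JOIN odfsec_project_v2 s ON s.object_instance_id = i.id
    WHERE s.user_id = ?
    ORDER BY i.id"""

# Join with the security rows collapsed first, so each project appears once.
JOIN_DISTINCT_FORM = """
    SELECT i.id, i.name FROM projects i
    JOIN (SELECT DISTINCT object_instance_id FROM odfsec_project_v2
          WHERE user_id = ?) s ON s.object_instance_id = i.id
    ORDER BY i.id"""

def visible_projects(db, sql, user_id):
    """Run one of the queries with the executing user's id bound as a parameter."""
    return db.execute(sql, (user_id,)).fetchall()

if __name__ == "__main__":
    db = build_demo_db()
    for label, sql in [("IN", IN_FORM), ("JOIN", JOIN_FORM),
                       ("JOIN DISTINCT", JOIN_DISTINCT_FORM)]:
        print(label, visible_projects(db, sql, 10))
```

If aggregates (counts, sums) sit on top of the joined rows, the duplicated rows from the plain join inflate them, so check the row count per project when switching from the construct to a hand-written join.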