From 0d63adca916d4d54935368263188747cf2d0ee75 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Tue, 13 Jun 2006 17:36:23 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20am=E9lioration=20des=20droits?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/user/fiche.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 2c7ec81ac27..2471c5df406 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -38,6 +38,8 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
 $canreadperms=($user->admin || $user->rights->user->user->lire);
 $caneditperms=($user->admin || $user->rights->user->user->creer);
 $candisableperms=($user->admin || $user->rights->user->user->supprimer);
+$caneditselfperms=($user->rights->user->self->supprimer);
+$caneditpassword=($user->rights->user->self->password);
 
 if ($user->id <> $_GET["id"])
 {
@@ -177,7 +179,7 @@ if ($_GET["action"] == 'removegroup' && $caneditperms)
     }
 }
 
-if ($_POST["action"] == 'update' && $caneditperms)
+if ($_POST["action"] == 'update' && ($caneditperms || $caneditselfperms))
 {
     $message="";
 
@@ -249,7 +251,7 @@ if ($_POST["action"] == 'update' && $caneditperms)
 
 // Action modif mot de passe
 if ((($_POST["action"] == 'confirm_password' && $_POST["confirm"] == 'yes')
-      || $_GET["action"] == 'confirm_passwordsend') && $caneditperms)
+      || $_GET["action"] == 'confirm_passwordsend') && ($caneditperms || $caneditpassword)
 {
     $edituser = new User($db, $_GET["id"]);
     $edituser->fetch();
@@ -581,7 +583,7 @@ else
              */
             print '<div class="tabsAction">';
 
-            if ($caneditperms || ($user->id == $fuser->id))
+            if ($caneditperms || (($user->id == $fuser->id) && $caneditselfperms))
             {
                 print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=edit">'.$langs->trans("Edit").'</a>';
             }