diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 34a5aded138..f8ae5c17155 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -891,7 +891,7 @@ class Form else { $out.= ''; }
@@ -3648,7 +3648,7 @@ class Form else { $out.= ''; }
diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php
index 70c58b440c2..a8b19441f90 100644
--- a/htdocs/fourn/fiche.php
+++ b/htdocs/fourn/fiche.php
@@ -40,9 +40,9 @@ $langs->load('companies');
 $langs->load('commercial');
 // Security check
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socid = GETPOST("socid");
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe',$socid,'');
+$result = restrictedArea($user, 'societe&fournisseur', $socid, '');
 /*
diff --git a/htdocs/lib/company.lib.php b/htdocs/lib/company.lib.php
index 7709ce518b7..602c6026bb2 100644
--- a/htdocs/lib/company.lib.php
+++ b/htdocs/lib/company.lib.php
@@ -58,7 +58,7 @@ function societe_prepare_head($object)
 $head[$h][2] = 'customer';
 $h++;
 }
- if (! empty($conf->fournisseur->enabled) && ($object->fournisseur || (isset($object->object) && $object->object->fournisseur)))
+ if (! empty($conf->fournisseur->enabled) && ($object->fournisseur || (isset($object->object) && $object->object->fournisseur)) && ! empty($user->rights->fournisseur->lire))
 {
 $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche.php?socid='.$object->id;
 $head[$h][1] = $langs->trans("Supplier");
diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php
index 08308e70f1d..1319ae7cede 100644
--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
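Review bot: In the fourn/fiche.php hunk, `$socid` is still read from the request as an unvalidated string on the new `GETPOST("socid")` line and is passed straight to `restrictedArea()` as the object id. Filtering it to an integer where it is read would keep a non-numeric value away from the permission check and from any later use outside this hunk; if this tree's `GETPOST` accepts a check argument, the change is `$socid = GETPOST("socid", "int");`. `GETPOST` presumably also reads POST, which widens the input sources compared with the removed `$_GET` lookup. A comment above the call such as `// Requires both company and supplier read rights` would record why the feature string became `'societe&fournisseur'`, assuming that is what the `&` means to `restrictedArea()`.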
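Review bot: In the company.lib.php hunk, the added `! empty($user->rights->fournisseur->lire)` test relies on `$user` being in scope inside `societe_prepare_head($object)`, which takes no `$user` parameter. The function's opening lines are outside the hunk, so confirm it declares `global $user`; without that the test is always false and the Supplier tab is hidden for every user. Hiding the tab is presentation only, and the enforcement is the `restrictedArea()` call in fourn/fiche.php. A comment such as `// UI hint only: access is enforced in fourn/fiche.php` would keep this condition from being mistaken for the access check.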
@@ -207,10 +207,10 @@ if ($_GET["id"] || $_GET["ref"])
 {
 if (! $graphfiles[$key]['file']) continue;
- if ($graphfiles == 'propal' && ! $user->right->propale->lire) continue;
- if ($graphfiles == 'order' && ! $user->right->commande->lire) continue;
- if ($graphfiles == 'invoices' && ! $user->right->facture->lire) continue;
- if ($graphfiles == 'invoices_suppliers' && ! $user->right->fournisseur->facture->lire) continue;
+ if ($graphfiles == 'propal' && ! $user->rights->propale->lire) continue;
+ if ($graphfiles == 'order' && ! $user->rights->commande->lire) continue;
+ if ($graphfiles == 'invoices' && ! $user->rights->facture->lire) continue;
+ if ($graphfiles == 'invoices_suppliers' && ! $user->rights->fournisseur->facture->lire) continue;
 if ($i % 2 == 0) print '
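Review bot: The four permission tests still compare `$graphfiles` itself with a string, and the line above them indexes it as `$graphfiles[$key]['file']`, so it is an array and `$graphfiles == 'propal'` can never be true. The corrected `$user->rights` lookups are therefore never reached, and graphs are still printed for users without the matching read right. The comparison should presumably use the loop key, e.g. `if ($key == 'propal' && ! $user->rights->propale->lire) continue;`, with the same change on the `order`, `invoices` and `invoices_suppliers` lines. The loop header is outside the hunk and the text is cut after `print '`, so confirm that the keys really are these four names.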