diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php
index 83d6c779a24..f0f8ce54302 100644
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -42,6 +42,33 @@ $user->getrights('contrat'); if (!$user->rights->contrat->lire) accessforbidden();
+// Sécurité accés client et commerciaux
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
+
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socidp = $user->societe_id;
+}
+
+// Protection restriction commercial
+if ($contratid)
+{
+ $sql = "SELECT sc.fk_soc, c.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
+ $sql .= " WHERE c.rowid = ".$contratid;
+ if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
+ {
+ $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
+ }
+ if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+ // les methodes locales /**
@@ -105,13 +132,6 @@ function select_type_contact($contrat, $defValue, $htmlname = 'type', $source) }
-// Sécurité accés client
-if ($user->societe_id > 0)
-{
- $action = '';
- $socidp = $user->societe_id;
-}
- /* * Ajout d'un nouveau contact */
diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php
index fd03eeda46b..538cb82a851 100644
--- a/htdocs/contrat/info.php
+++ b/htdocs/contrat/info.php
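Review bot: `$_GET["id"]` is concatenated unescaped into `" WHERE c.rowid = ".$contratid`, so the new access check is itself an SQL injection point; cast it first, `$contratid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;`, and guard with `if ($contratid > 0)`. The check also fails open: when `$db->query($sql)` returns false the inner `accessforbidden()` is never reached, so it should read `$resql = $db->query($sql); if (!$resql || $db->num_rows() == 0) accessforbidden();`. For a user who has `commercial->client->voir`, `FROM ... societe_commerciaux as sc, ... contrat as c` gets no join condition, so the query is a cartesian product that returns zero rows — and denies an authorised user — whenever `societe_commerciaux` is empty; `!$user->societe_id > 0` on the same condition parses as `(!$user->societe_id) > 0` and should be written `!($user->societe_id > 0)`. Since only `$user->getrights('contrat')` is called above, it is worth confirming that `commercial` rights are loaded at this point; if not, `voir` reads as unset and every internal user takes the restricted branch. The identical block is pasted into the info.php and note.php hunks below; a shared helper would keep the three copies in step, and the rewrite below applies to all three.
```php
// Sécurité accés client et commerciaux
$contratid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;  // cast: the id is interpolated into SQL below

// … unchanged: external-user ($user->societe_id) block …

// Protection restriction commercial
if ($contratid > 0)
{
	// sales reps without the "see all customers" right only reach contracts of companies assigned to them
	$restricted = (!$user->rights->commercial->client->voir && !($user->societe_id > 0));

	$sql = "SELECT c.rowid";
	$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c";
	if ($restricted) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
	$sql .= " WHERE c.rowid = ".$contratid;
	if ($restricted) $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $user->id);
	if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".((int) $socidp);

	// a failed query must deny access, not grant it
	$resql = $db->query($sql);
	if (!$resql || $db->num_rows() == 0) accessforbidden();
}
```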
@@ -32,6 +32,36 @@ require_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php"); $langs->load("contracts");
+$user->getrights('contrat');
+if (!$user->rights->contrat->lire)
+ accessforbidden();
+
+// Sécurité accés client et commerciaux
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
+
+if ($user->societe_id > 0)
+{
+ $socidp = $user->societe_id;
+}
+
+// Protection restriction commercial
+if ($contratid)
+{
+ $sql = "SELECT sc.fk_soc, c.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
+ $sql .= " WHERE c.rowid = ".$contratid;
+ if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
+ {
+ $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
+ }
+ if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+ llxHeader();
diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php
index bdc06f05e7c..02ca1708f35 100644
--- a/htdocs/contrat/note.php
+++ b/htdocs/contrat/note.php
@@ -40,13 +40,32 @@ if (!$user->rights->contrat->lire) $langs->load("companies"); $langs->load("contracts");
-// Sécurité accés
+// Sécurité accés client et commerciaux
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
+ if ($user->societe_id > 0) { unset($_GET["action"]); $socidp = $user->societe_id; }
+// Protection restriction commercial
+if ($contratid)
+{
+ $sql = "SELECT sc.fk_soc, c.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
+ $sql .= " WHERE c.rowid = ".$contratid;
+ if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
+ {
+ $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
+ }
+ if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+} $contrat = new Contrat($db); $contrat->fetch($_GET["id"]);