From 2081aefc84cf1156527c09b7e827b500423a4f00 Mon Sep 17 00:00:00 2001
From: atm-quentin <quentin.vial-gouteyron@atm-consulting.fr>
Date: Mon, 5 Feb 2018 16:07:08 +0100
Subject: [PATCH] FIX creer into lire

---
 htdocs/societe/card.php | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index a5ad6f2e270..611abc9b704 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -519,15 +519,16 @@ if (empty($reshook))
                             $error=$object->error; $errors=$object->errors;
                         }
                     }
-					if(!empty($user->rights->categorie->creer)){
-						// Customer categories association
-						$custcats = GETPOST( 'custcats', 'array' );
-						$object->setCategories($custcats, 'customer');
+				
+					
+					// Customer categories association
+					$custcats = GETPOST( 'custcats', 'array' );
+					$object->setCategories($custcats, 'customer');
 
-						// Supplier categories association
-						$suppcats = GETPOST('suppcats', 'array');
-						$object->setCategories($suppcats, 'supplier');
-					}
+					// Supplier categories association
+					$suppcats = GETPOST('suppcats', 'array');
+					$object->setCategories($suppcats, 'supplier');
+					
                     // Logo/Photo save
                     $dir     = $conf->societe->multidir_output[$conf->entity]."/".$object->id."/logos/";
                     $file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);
@@ -634,15 +635,16 @@ if (empty($reshook))
                 {
                     $error = $object->error; $errors = $object->errors;
                 }
+				//Prevent thirdparty's emptying if a user hasn't rights $user->rights->categorie->lire
+				if(!empty($user->rights->categorie->lire)){ 
+					// Customer categories association
+					$categories = GETPOST( 'custcats', 'array' );
+					$object->setCategories($categories, 'customer');
 
-				// Customer categories association
-				$categories = GETPOST( 'custcats', 'array' );
-				$object->setCategories($categories, 'customer');
-
-				// Supplier categories association
-				$categories = GETPOST('suppcats', 'array');
-				$object->setCategories($categories, 'supplier');
-
+					// Supplier categories association
+					$categories = GETPOST('suppcats', 'array');
+					$object->setCategories($categories, 'supplier');
+				}
                 // Logo/Photo save
                 $dir     = $conf->societe->multidir_output[$object->entity]."/".$object->id."/logos";
                 $file_OK = is_uploaded_file($_FILES['photo']['tmp_name']);