From 280059a3d7a8ee8f0df33a4e001c368b9af3e356 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 7 Jan 2018 18:56:57 +0100
Subject: [PATCH] Fix perm

---
 htdocs/ecm/dir_add_card.php | 22 ++++++++++++++++++----
 htdocs/ecm/search.php       |  2 +-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php
index f17c061f36a..b6af9a0ae7a 100644
--- a/htdocs/ecm/dir_add_card.php
+++ b/htdocs/ecm/dir_add_card.php
@@ -18,7 +18,7 @@
  */
 
 /**
- *	\file		htdocs/ecm/docdir.php
+ *	\file		htdocs/ecm/dir_add_card.php
  *	\ingroup	ecm
  *	\brief		Main page for ECM section area
  */
@@ -31,8 +31,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
 // Load traductions files
 $langs->loadLangs(array("ecm","companies","other","users","orders","propal","bills","contracts","categories"));
 
-if (! $user->rights->ecm->setup) accessforbidden();
-
 // Get parameters
 $socid      = GETPOST('socid','int');
 $action     = GETPOST('action','alpha');
@@ -85,13 +83,29 @@ if (! empty($section))
 	}
 }
 
+$permtoadd = 0;
+$permtoupload = 0;
+if ($module == 'ecm')
+{
+	$permtoadd = $user->rights->ecm->setup;
+	$permtoupload = $user->rights->ecm->upload;
+}
+if ($module == 'medias')
+{
+	$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
+	$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
+}
+
+if (! $permtoadd) accessforbidden();
+
+
 
 /*
  * Actions
  */
 
 // Action ajout d'un produit ou service
-if ($action == 'add' && $user->rights->ecm->setup)
+if ($action == 'add' && $permtoadd)
 {
 	if ($cancel)
 	{
diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php
index 4dbebac97c3..8736de8a544 100644
--- a/htdocs/ecm/search.php
+++ b/htdocs/ecm/search.php
@@ -17,7 +17,7 @@
  */
 
 /**
- *	\file       htdocs/ecm/index.php
+ *	\file       htdocs/ecm/search.php
  *	\ingroup    ecm
  *	\brief      Page to make advanced search into ECM
  */