From 29100a47664b1348d275680c2779e2f209801fe1 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 10 Feb 2021 02:28:22 +0100
Subject: [PATCH] FIX #16221

---
 htdocs/expensereport/card.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index c7efc735051..e1e5fb34f2a 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -225,10 +225,12 @@ if (empty($reshook))
 		if (!($object->fk_user_author > 0)) $object->fk_user_author = $user->id;
 
 		// Check that expense report is for a user inside the hierarchy or advanced permission for all is set
-		if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->writeall_advance))) {
+		if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->creer))
+			|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->creer) && empty($user->rights->expensereport->writeall_advance))) {
 			$error++;
 			setEventMessages($langs->trans("NotEnoughPermission"), null, 'errors');
-		} else {
+		}
+		if (!$error) {
 			if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance)) {
 				if (!in_array($object->fk_user_author, $childids)) {
 					$error++;