From bd95e5265ea2be28a15b2d8dd1cecef421a6b0ec Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Thu, 12 Apr 2018 18:05:12 +0200
Subject: [PATCH 1/2] Fix: wrong permissions

---
 htdocs/user/group/list.php | 10 +++++++++-
 htdocs/user/list.php       |  5 ++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/htdocs/user/group/list.php b/htdocs/user/group/list.php
index 29bd19a25ae..cf0c23f9fec 100644
--- a/htdocs/user/group/list.php
+++ b/htdocs/user/group/list.php
@@ -45,6 +45,14 @@ $sall=trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alp
 $search_group=GETPOST('search_group');
 $optioncss = GETPOST('optioncss','alpha');
 
+// Defini si peux lire/modifier utilisateurs et permisssions
+$caneditperms=($user->admin || $user->rights->user->user->creer);
+// Advanced permissions
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$caneditperms=($user->admin || $user->rights->user->group_advance->write);
+}
+
 // Load variable for pagination
 $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield','alpha');
@@ -131,7 +139,7 @@ if ($resql)
     $text = $langs->trans("ListOfGroups");
 
     $newcardbutton='';
-    if ($user->rights->propal->creer)
+    if ($caneditperms)
     {
     	$newcardbutton='<a class="butAction" href="'.DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=">'.$langs->trans('NewGroup').'</a>';
     }
diff --git a/htdocs/user/list.php b/htdocs/user/list.php
index 2020af40323..3521b4bbde0 100644
--- a/htdocs/user/list.php
+++ b/htdocs/user/list.php
@@ -56,6 +56,9 @@ $pagenext = $page + 1;
 if (! $sortfield) $sortfield="u.login";
 if (! $sortorder) $sortorder="ASC";
 
+// Define value to know what current user can do on users
+$canadduser=(! empty($user->admin) || $user->rights->user->user->creer);
+
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $object = new User($db);
 $hookmanager->initHooks(array('userlist'));
@@ -272,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_param.tpl.php';
 $text = $langs->trans("ListOfUsers");
 
 $newcardbutton='';
-if ($user->rights->propal->creer)
+if ($canadduser)
 {
 	$newcardbutton='<a class="butAction" href="'.DOL_URL_ROOT.'/user/card.php?action=create'.($mode == 'employee' ? '&employee=1': '').'&leftmenu=">'.$langs->trans('NewUser').'</a>';
 }

From ee61324caf255b1a17e028e48a37dbc30848ee71 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@capnetworks.com>
Date: Thu, 12 Apr 2018 18:57:51 +0200
Subject: [PATCH 2/2] Fix: show \r\n if description contain <br>

---
 htdocs/user/class/usergroup.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php
index 859c5267d04..bfdb80b56d2 100644
--- a/htdocs/user/class/usergroup.class.php
+++ b/htdocs/user/class/usergroup.class.php
@@ -831,9 +831,9 @@ class UserGroup extends CommonObject
 			{
 				$langs->load("users");
 				$label=$langs->trans("ShowGroup");
-				$linkclose.=' alt="'.dol_escape_htmltag($label, 1).'"';
+				$linkclose.=' alt="'.dol_escape_htmltag($label, 1, 1).'"';
 			}
-			$linkclose.= ' title="'.dol_escape_htmltag($label, 1).'"';
+			$linkclose.= ' title="'.dol_escape_htmltag($label, 1, 1).'"';
 			$linkclose.= ' class="classfortooltip'.($morecss?' '.$morecss:'').'"';
 		}
 		/*if (! is_object($hookmanager))