diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php
index 1f6fa300129..aa690b9468a 100644
--- a/htdocs/bom/bom_list.php
+++ b/htdocs/bom/bom_list.php
@@ -113,6 +113,9 @@ if (is_array($extrafields->attributes[$object->table_element]['label']) && count
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
+$permissiontoread = $user->rights->bom->read;
+$permissiontoadd = $user->rights->bom->write;
+$permissiontodelete = $user->rights->bom->delete;
 
 
 /*
@@ -154,9 +157,64 @@ if (empty($reshook))
 	$permissiontodelete = $user->rights->bom->delete;
 	$uploaddir = $conf->bom->dir_output;
 	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
-}
 
 
+	// Validate records
+	if (! $error && $massaction == 'disable' && $permissiontoadd)
+	{
+		$objecttmp=new $objectclass($db);
+
+		if (! $error)
+		{
+			$db->begin();
+
+			$nbok = 0;
+			foreach($toselect as $toselectid)
+			{
+				$result=$objecttmp->fetch($toselectid);
+				if ($result > 0)
+				{
+					if ($objecttmp->status != $objecttmp::STATUS_VALIDATED)
+					{
+						$langs->load("errors");
+						setEventMessages($langs->trans("ErrorObjectMustHaveStatusValidatedToBeDisabled", $objecttmp->ref), null, 'errors');
+						$error++;
+						break;
+					}
+
+					// Can be 'cancel()' or 'close()'
+					$result = $objecttmp->cancel($user);
+					if ($result < 0)
+					{
+						setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
+						$error++;
+						break;
+					}
+					else $nbok++;
+				}
+				else
+				{
+					setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
+					$error++;
+					break;
+				}
+			}
+
+			if (! $error)
+			{
+				if ($nbok > 1) setEventMessages($langs->trans("RecordsModified", $nbok), null, 'mesgs');
+				else setEventMessages($langs->trans("RecordsModified", $nbok), null, 'mesgs');
+				$db->commit();
+			}
+			else
+			{
+				$db->rollback();
+			}
+			//var_dump($listofobjectthirdparties);exit;
+		}
+	}
+}
+
 
 /*
  * View
diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php
index 0eb3b947391..0c52fea9f35 100644
--- a/htdocs/comm/propal/list.php
+++ b/htdocs/comm/propal/list.php
@@ -243,7 +243,7 @@ if (empty($reshook))
 	$objectlabel='Proposals';
 	$permissiontoread = $user->rights->propal->lire;
 	$permissiontodelete = $user->rights->propal->supprimer;
-	$permtoclose = $user->rights->propal->cloturer;
+	$permissiontoclose = $user->rights->propal->cloturer;
 	$uploaddir = $conf->propal->multidir_output[$conf->entity];
 	include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
 }
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 752e8dcc352..07f294479b3 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -30,7 +30,7 @@
 // $objectclass and $objectlabel must be defined
 // $parameters, $object, $action must be defined for the hook.
 
-// $permissiontoread, $permissiontoadd and $permissiontodelete may be defined
+// $permissiontoread, $permissiontoadd, $permissiontodelete, $permissiontoclose may be defined
 // $uploaddir may be defined (example to $conf->projet->dir_output."/";)
 // $toselect may be defined
 // $diroutputmassaction may be defined
@@ -1175,64 +1175,9 @@ if (! $error && $massaction == 'validate' && $permissiontoadd)
 		//var_dump($listofobjectthirdparties);exit;
 	}
 }
-var_dump($permissiontoadd);
-// Validate records
-if (! $error && $massaction == 'disable' && $permissiontocreate)
-{
-	$objecttmp=new $objectclass($db);
-
-	if (! $error)
-	{
-		$db->begin();
-
-		$nbok = 0;
-		foreach($toselect as $toselectid)
-		{
-			$result=$objecttmp->fetch($toselectid);
-			if ($result > 0)
-			{
-				//if (in_array($objecttmp->element, array('societe','member'))) $result = $objecttmp->delete($objecttmp->id, $user, 1);
-				//else
-				$result = $objecttmp->close($user);
-				if ($result == $objecttmp::STATUS_VALIDATED)
-				{
-					$langs->load("errors");
-					setEventMessages($langs->trans("ErrorObjectMustHaveStatusValidatedToBeDisabled", $objecttmp->ref), null, 'errors');
-					$error++;
-					break;
-				}
-				elseif ($result < 0)
-				{
-					setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
-					$error++;
-					break;
-				}
-				else $nbok++;
-			}
-			else
-			{
-				setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
-				$error++;
-				break;
-			}
-		}
-
-		if (! $error)
-		{
-			if ($nbok > 1) setEventMessages($langs->trans("RecordsModified", $nbok), null, 'mesgs');
-			else setEventMessages($langs->trans("RecordsModified", $nbok), null, 'mesgs');
-			$db->commit();
-		}
-		else
-		{
-			$db->rollback();
-		}
-		//var_dump($listofobjectthirdparties);exit;
-	}
-}
 
 // Closed records
-if (!$error && $massaction == 'closed' && $objectclass == "Propal" && $permtoclose) {
+if (!$error && $massaction == 'closed' && $objectclass == "Propal" && $permissiontoclose) {
     $db->begin();
 
     $objecttmp = new $objectclass($db);
diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php
index bc5bab684dc..0224b7f12d2 100644
--- a/htdocs/modulebuilder/template/myobject_list.php
+++ b/htdocs/modulebuilder/template/myobject_list.php
@@ -154,7 +154,7 @@ $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
 
 $permissiontoread = $user->rights->mymodule->myobject->read;
-$permtowrite = $user->rights->mymodule->myobject->write;
+$permissiontoadd = $user->rights->mymodule->myobject->write;
 $permissiontodelete = $user->rights->mymodule->myobject->delete;
 
 
@@ -361,7 +361,7 @@ print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
 print '<input type="hidden" name="page" value="'.$page.'">';
 print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
 
-$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/mymodule/myobject_card.php', 1).'?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permtowrite);
+$newcardbutton = dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', dol_buildpath('/mymodule/myobject_card.php', 1).'?action=create&backtopage='.urlencode($_SERVER['PHP_SELF']), '', $permissiontoadd);
 
 print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_companies', 0, $newcardbutton, '', $limit);
 
@@ -595,7 +595,7 @@ if (in_array('builddoc', $arrayofmassactions) && ($nbtotalofrecords === '' || $n
 
 	$filedir=$diroutputmassaction;
 	$genallowed=$permissiontoread;
-	$delallowed=$permtowrite;
+	$delallowed=$permissiontoadd;
 
 	print $formfile->showdocuments('massfilesarea_mymodule', '', $filedir, $urlsource, 0, $delallowed, '', 1, 1, 0, 48, 1, $param, $title, '', '', '', null, $hidegeneratedfilelistifempty);
 }