diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php
index 9900db2c9d6..983c02f244a 100644
--- a/htdocs/cron/card.php
+++ b/htdocs/cron/card.php
@@ -46,12 +46,14 @@ $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha');
$securitykey = GETPOST('securitykey', 'alpha');
-$permissiontoadd = $user->rights->cron->create;
-
-if (!$user->rights->cron->create) {
+if (!$user->hasRights('cron', 'create')) {
accessforbidden();
}
+$permissiontoadd = $user->hasRights('cron', 'create');
+$permissiontoexecute = $user->hasRights('cron', 'execute');
+$permissiontodelete = $user->hasRights('cron', 'delete');
+
/*
* Actions
@@ -80,7 +82,7 @@ if (!empty($cancel)) {
}
// Delete jobs
-if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->cron->delete) {
+if ($action == 'confirm_delete' && $confirm == "yes" && $permissiontodelete) {
$result = $object->delete($user);
if ($result < 0) {
@@ -93,7 +95,7 @@ if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->cron->del
}
// Execute jobs
-if ($action == 'confirm_execute' && $confirm == "yes" && $user->rights->cron->execute) {
+if ($action == 'confirm_execute' && $confirm == "yes" && $permissiontoexecute) {
if (!empty($conf->global->CRON_KEY) && $conf->global->CRON_KEY != $securitykey) {
setEventMessages('Security key '.$securitykey.' is wrong', null, 'errors');
$action = '';
@@ -123,7 +125,7 @@ if ($action == 'confirm_execute' && $confirm == "yes" && $user->rights->cron->ex
}
-if ($action == 'add') {
+if ($action == 'add' && $permissiontoadd) {
$object->jobtype = GETPOST('jobtype');
$object->label = GETPOST('label');
$object->command = GETPOST('command');
@@ -157,7 +159,7 @@ if ($action == 'add') {
}
// Save parameters
-if ($action == 'update') {
+if ($action == 'update' && $permissiontoadd) {
$object->id = $id;
$object->jobtype = GETPOST('jobtype');
$object->label = GETPOST('label');
@@ -191,7 +193,7 @@ if ($action == 'update') {
}
}
-if ($action == 'activate') {
+if ($action == 'activate' && $permissiontoadd) {
$object->status = 1;
// Add cron task
@@ -207,7 +209,7 @@ if ($action == 'activate') {
}
}
-if ($action == 'inactive') {
+if ($action == 'inactive' && $permissiontoadd) {
$object->status = 0;
$object->processing = 0;
@@ -225,7 +227,7 @@ if ($action == 'inactive') {
}
// Action clone object
-if ($action == 'confirm_clone' && $confirm == 'yes' && !empty($permissiontoadd)) {
+if ($action == 'confirm_clone' && $confirm == 'yes' && $permissiontoadd) {
if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers')) {
setEventMessages($langs->trans("NoCloneOptionsSpecified"), null, 'errors');
} else {
@@ -799,7 +801,7 @@ if (($action == "create") || ($action == "edit")) {
} elseif (empty($object->status)) {
print ''.$langs->trans("CronExecute").'';
} else {
- print ''.$langs->trans("CronExecute").'';
+ print ''.$langs->trans("CronExecute").'';
}
if (!$user->rights->cron->create) {
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 05d9bf2aa51..9706ffedb76 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -705,7 +705,7 @@ Module62000Desc=Add features to manage Incoterms
Module63000Name=Resources
Module63000Desc=Manage resources (printers, cars, rooms, ...) for allocating to events
Module94160Name=Receptions
-Permission11=Read customer invoices
+Permission11=Read customer invoices (and payments)
Permission12=Create/modify customer invoices
Permission13=Invalidate customer invoices
Permission14=Validate customer invoices
@@ -947,7 +947,7 @@ Permission1190=Approve (second approval) purchase orders
Permission1191=Export supplier orders and their attributes
Permission1201=Get result of an export
Permission1202=Create/Modify an export
-Permission1231=Read vendor invoices
+Permission1231=Read vendor invoices (and payments)
Permission1232=Create/modify vendor invoices
Permission1233=Validate vendor invoices
Permission1234=Delete vendor invoices