From 6961db00079bffa44d97ae180629f1c7a44f2489 Mon Sep 17 00:00:00 2001
From: De Coninck Laurent <laurent@adlogix.eu>
Date: Fri, 24 Feb 2017 11:01:52 +0100
Subject: [PATCH] use access right to validate expense report created for
 someone else

---
 htdocs/expensereport/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index dd1a86d1a74..e84cf38c15b 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -2092,7 +2092,7 @@ if ($action != 'create' && $action != 'edit')
 	*/
 	if ($user->rights->expensereport->creer && $object->fk_statut==0)
 	{
-		if (in_array($object->fk_user_author, $user->getAllChildIds(1)))
+		if (in_array($object->fk_user_author, $user->getAllChildIds(1)) || !empty($user->rights->expensereport->writeall_advance))
 		{
 			// Modify
 			print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$object->id.'">'.$langs->trans('Modify').'</a></div>';