From 721d0a6afd9fdb9893f00ee87c45c05d9fa48ece Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Fri, 29 Oct 2010 05:44:12 +0000
Subject: [PATCH] New: Task #10725

---
 htdocs/user/perms.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index 705ae572295..99777f1779d 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -37,13 +37,13 @@ $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];
 if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden();
 
 // Defini si peux lire les permissions
-$canreaduser=($user->admin || $user->rights->user->user->lire);
+$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user->readperms));
 
 // Defini si peux modifier les autres utilisateurs et leurs permisssions
 $caneditperms=($user->admin || $user->rights->user->user->creer);
 
 // Defini si peux modifier ses propres permissions
-$caneditselfperms=($user->admin || $user->rights->user->self->perms);
+$caneditselfperms=($user->admin || ($user->id == $_GET["id"] && $user->rights->user->self->writeperms));
 
 // Security check
 $socid=0;