From 89f3447cf794be07f722e567163dd5201aad55b2 Mon Sep 17 00:00:00 2001
From: Rodolphe Quiedeville <rodolphe@quiedeville.org>
Date: Wed, 6 Aug 2003 12:28:02 +0000
Subject: [PATCH] utilisation de accessforbidden

---
 htdocs/product/index.php3 | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/htdocs/product/index.php3 b/htdocs/product/index.php3
index fccca04afd4..17509c0cc88 100644
--- a/htdocs/product/index.php3
+++ b/htdocs/product/index.php3
@@ -22,6 +22,10 @@
 require("./pre.inc.php3");
 $user->getrights('produit');
 
+if (!$user->rights->produit->lire)
+  accessforbidden();
+
+
 if (strlen($type) == 0)
 {
   $type = 0;
@@ -66,13 +70,6 @@ if ($action == 'update')
       $sql .= " AND lower(p.label) like '%".strtolower($snom)."%'";
     }
 
-if ($user->rights->produit->lire == 0)
-{
-  // sécurité
-  $sql .= " AND 1 = 2";
-}
-
-
   $sql .= " ORDER BY $sortfield $sortorder ";
   $sql .= $db->plimit($limit + 1 ,$offset);
   $result = $db->query($sql) ;