diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 0a88e17eb02..96a614857ba 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -675,14 +675,13 @@ class User extends CommonObject
 	public function hasRight($module, $permlevel1, $permlevel2 = '')
 	{
 		global $conf;
-
 		// For compatibility with bad naming permissions on module
 		$moduletomoduletouse = array(
 			'contract' => 'contrat',
 			'member' => 'adherent',	// We must check $user->rights->adherent...
 			'mo' => 'mrp',
 			'order' => 'commande',
-			'product' => 'produit',	// We must check $user->rights->produit...
+			//'product' => 'produit',	// We must check $user->rights->produit...
 			'project' => 'projet',
 			'shipping' => 'expedition',
 			'task' => 'task@projet',
@@ -695,14 +694,24 @@ class User extends CommonObject
 			'job@hrm' => 'all@hrm', // skill / job / position objects rights are for the moment grouped into right level "all"
 			'position@hrm' => 'all@hrm' // skill / job / position objects rights are for the moment grouped into right level "all"
 		);
+
 		if (!empty($moduletomoduletouse[$module])) {
 			$module = $moduletomoduletouse[$module];
 		}
 
+		$moduleRightsMapping = array(
+			'product' => 'produit',	// We must check $user->rights->produit...
+		);
+
+		$rightsPath = $module;
+		if (!empty($moduleRightsMapping[$rightsPath])) {
+			$rightsPath = $moduleRightsMapping[$rightsPath];
+		}
+
 		// If module is abc@module, we check permission user->rights->module->abc->permlevel1
-		$tmp = explode('@', $module, 2);
+		$tmp = explode('@', $rightsPath, 2);
 		if (! empty($tmp[1])) {
-			$module = $tmp[1];
+			$rightsPath = $tmp[1];
 			$permlevel2 = $permlevel1;
 			$permlevel1 = $tmp[0];
 		}
@@ -723,49 +732,49 @@ class User extends CommonObject
 		if ($permlevel1 == 'recruitmentcandidature') {
 			$permlevel1 = 'recruitmentjobposition';
 		}
-
-		//var_dump($module.' '.$permlevel1.' '.$permlevel2);
-		if (empty($module) || empty($this->rights) || empty($this->rights->$module) || empty($permlevel1)) {
+		//var_dump($module.' '.$permlevel1.' '.$permlevel2. ' '. $rightsPath);
+		//var_dump($this->rights);
+		if (empty($rightsPath) || empty($this->rights) || empty($this->rights->$rightsPath) || empty($permlevel1)) {
 			return 0;
 		}
 
 		if ($permlevel2) {
-			if (!empty($this->rights->$module->$permlevel1)) {
-				if (!empty($this->rights->$module->$permlevel1->$permlevel2)) {
-					return $this->rights->$module->$permlevel1->$permlevel2;
+			if (!empty($this->rights->$rightsPath->$permlevel1)) {
+				if (!empty($this->rights->$rightsPath->$permlevel1->$permlevel2)) {
+					return $this->rights->$rightsPath->$permlevel1->$permlevel2;
 				}
 				// For backward compatibility with old permissions called "lire", "creer", "create", "supprimer"
 				// instead of "read", "write", "delete"
-				if ($permlevel2 == 'read' && !empty($this->rights->$module->$permlevel1->lire)) {
-					return $this->rights->$module->lire;
+				if ($permlevel2 == 'read' && !empty($this->rights->$rightsPath->$permlevel1->lire)) {
+					return $this->rights->$rightsPath->lire;
 				}
-				if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->creer)) {
-					return $this->rights->$module->create;
+				if ($permlevel2 == 'write' && !empty($this->rights->$rightsPath->$permlevel1->creer)) {
+					return $this->rights->$rightsPath->create;
 				}
-				if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->create)) {
-					return $this->rights->$module->create;
+				if ($permlevel2 == 'write' && !empty($this->rights->$rightsPath->$permlevel1->create)) {
+					return $this->rights->$rightsPath->create;
 				}
-				if ($permlevel2 == 'delete' && !empty($this->rights->$module->$permlevel1->supprimer)) {
-					return $this->rights->$module->supprimer;
+				if ($permlevel2 == 'delete' && !empty($this->rights->$rightsPath->$permlevel1->supprimer)) {
+					return $this->rights->$rightsPath->supprimer;
 				}
 			}
 		} else {
-			if (!empty($this->rights->$module->$permlevel1)) {
-				return $this->rights->$module->$permlevel1;
+			if (!empty($this->rights->$rightsPath->$permlevel1)) {
+				return $this->rights->$rightsPath->$permlevel1;
 			}
 			// For backward compatibility with old permissions called "lire", "creer", "create", "supprimer"
 			// instead of "read", "write", "delete"
-			if ($permlevel1 == 'read' && !empty($this->rights->$module->lire)) {
-				return $this->rights->$module->lire;
+			if ($permlevel1 == 'read' && !empty($this->rights->$rightsPath->lire)) {
+				return $this->rights->$rightsPath->lire;
 			}
-			if ($permlevel1 == 'write' && !empty($this->rights->$module->creer)) {
-				return $this->rights->$module->create;
+			if ($permlevel1 == 'write' && !empty($this->rights->$rightsPath->creer)) {
+				return $this->rights->$rightsPath->create;
 			}
-			if ($permlevel1 == 'write' && !empty($this->rights->$module->create)) {
-				return $this->rights->$module->create;
+			if ($permlevel1 == 'write' && !empty($this->rights->$rightsPath->create)) {
+				return $this->rights->$rightsPath->create;
 			}
-			if ($permlevel1 == 'delete' && !empty($this->rights->$module->supprimer)) {
-				return $this->rights->$module->supprimer;
+			if ($permlevel1 == 'delete' && !empty($this->rights->$rightsPath->supprimer)) {
+				return $this->rights->$rightsPath->supprimer;
 			}
 		}
 
diff --git a/test/phpunit/UserTest.php b/test/phpunit/UserTest.php
index 699e9fd89f0..bd5ed8ba7ad 100644
--- a/test/phpunit/UserTest.php
+++ b/test/phpunit/UserTest.php
@@ -261,12 +261,40 @@ class UserTest extends PHPUnit\Framework\TestCase
 		return $localobject;
 	}
 
+	/**
+	 * testUserHasRight
+	 * @param	User  $localobject		 User
+	 * @return  User  $localobject		 User
+	 * @depends testUserOther
+	 */
+	public function testUserHasRight($localobject)
+	{
+		global $conf,$user,$langs,$db;
+		$conf=$this->savconf;
+		$user=$this->savuser;
+		$langs=$this->savlangs;
+		$db=$this->savdb;
+		/*$result=$localobject->setstatus(0);
+		print __METHOD__." id=".$localobject->id." result=".$result."\n";
+		$this->assertLessThan($result, 0);
+		*/
+
+		print __METHOD__." id=". $localobject->id ."\n";
+		//$this->assertNotEquals($user->date_creation, '');
+		$localobject->addrights(0, 'supplier_proposal');
+		$this->assertEquals($localobject->hasRight('member', ''), 0);
+		$this->assertEquals($localobject->hasRight('member', 'member'), 0);$this->assertEquals($localobject->hasRight('product', 'member', 'read'), 0);
+		$this->assertEquals($localobject->hasRight('member', 'member'), 0);$this->assertEquals($localobject->hasRight('produit', 'member', 'read'), 0);
+
+		return $localobject;
+	}
+
 	/**
 	 * testUserSetPassword
 	 *
 	 * @param   User  $localobject     User
 	 * @return  void
-	 * @depends testUserOther
+	 * @depends testUserHasRight
 	 * The depends says test is run only if previous is ok
 	 */
 	public function testUserSetPassword($localobject)