From a3e5607dcab0a6a16ecf2e60181758209effecb3 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Tue, 10 Nov 2009 12:49:09 +0000
Subject: [PATCH] Fix: refining permissions to modify an action without the
 right to remove

---
 htdocs/comm/action/fiche.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php
index 3a193b8222b..e4625462b0e 100644
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@@ -886,8 +886,7 @@ if ($_GET["id"])
 	if ($_GET["action"] != 'edit')
 	{
 		if ($user->rights->agenda->allactions->modify || 
-		   (($act->author->id == $user->id && $user->rights->agenda->myactions->modify) ||
-		   ($act->usertodo->id == $user->id && $user->rights->agenda->myactions->modify)))
+		   (($act->author->id == $user->id || $act->usertodo->id == $user->id) && $user->rights->agenda->myactions->modify))
 		{
 			print '<a class="butAction" href="fiche.php?action=edit&id='.$act->id.'">'.$langs->trans("Modify").'</a>';
 		}
@@ -896,9 +895,8 @@ if ($_GET["id"])
 			print '<a class="butActionRefused" href="#" title="'.$langs->trans("NotAllowed").'">'.$langs->trans("Modify").'</a>';
 		}
 
-		if ($user->rights->agenda->allactions->create || 
-		   (($act->author->id == $user->id && $user->rights->agenda->myactions->create) ||
-		   ($act->usertodo->id == $user->id && $user->rights->agenda->myactions->create)))
+		if ($user->rights->agenda->allactions->modify || 
+		   (($act->author->id == $user->id || $act->usertodo->id == $user->id) && $user->rights->agenda->myactions->modify))
 		{
 			print '<a class="butActionDelete" href="fiche.php?action=delete&id='.$act->id.'">'.$langs->trans("Delete").'</a>';
 		}