diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 605a101ad54..530bb125241 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -48,10 +48,6 @@ $id=GETPOST('id', 'int');
 $ref=GETPOST('ref', 'alpha');
 $fuserid = (GETPOST('fuserid', 'int')?GETPOST('fuserid', 'int'):$user->id);
 
-// Protection if external user
-if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'holiday', $id, 'holiday');
-
 // Load translation files required by the page
 $langs->loadLangs(array("holiday","mails"));
 
@@ -65,14 +61,15 @@ if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
 $error = 0;
 
 $object = new Holiday($db);
+
 $extrafields = new ExtraFields($db);
 
 // fetch optionals attributes and labels
 $extrafields->fetch_name_optionals_label($object->table_element);
 
-if ($id > 0)
+if (($id > 0) || $ref)
 {
-    $object->fetch($id);
+    $object->fetch($id, $ref);
 
     // Check current user can read this leave request
     $canread = 0;
@@ -92,6 +89,10 @@ $candelete = 0;
 if (! empty($user->rights->holiday->delete)) $candelete=1;
 if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write && in_array($object->fk_user, $childids)) $candelete=1;
 
+// Protection if external user
+if ($user->societe_id) $socid=$user->societe_id;
+$result = restrictedArea($user, 'holiday', $object->id, 'holiday');
+
 
 /*
  * Actions