From b2a3c6acd72ccd03afc95ca3765f84efc0b78ec0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Mon, 31 Jul 2006 23:20:41 +0000
Subject: [PATCH] Correction protection habilitations

---
 htdocs/comm/fiche.php | 2 +-
 htdocs/soc.php        | 2 +-
 htdocs/socnote.php    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php
index aeaa0ad5eab..0fc7305c9db 100644
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@@ -75,7 +75,7 @@ if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="nom";
 
 
-if ($_GET["action"] == 'attribute_prefix')
+if ($_GET["action"] == 'attribute_prefix' && $user->rights->societe->creer)
 {
     $societe = new Societe($db, $_GET["socid"]);
     $societe->attribute_prefix($db, $_GET["socid"]);
diff --git a/htdocs/soc.php b/htdocs/soc.php
index 3076ea6e616..2cac966db7e 100644
--- a/htdocs/soc.php
+++ b/htdocs/soc.php
@@ -93,7 +93,7 @@ if ($_POST["getsuppliercode"])
 }
 
 if ((! $_POST["getcustomercode"] && ! $_POST["getsuppliercode"])
-	 && ($_POST["action"] == 'add' || $_POST["action"] == 'update'))
+	 && ($_POST["action"] == 'add' || $_POST["action"] == 'update') && $user->rights->societe->creer)
 {
     $soc->nom                   = $_POST["nom"];
     $soc->adresse               = $_POST["adresse"];
diff --git a/htdocs/socnote.php b/htdocs/socnote.php
index 5878441e762..070982f942e 100644
--- a/htdocs/socnote.php
+++ b/htdocs/socnote.php
@@ -119,7 +119,7 @@ if ($socidp > 0)
 		print "<input type=\"hidden\" name=\"socid\" value=\"".$societe->id."\">";
 
 	    // éditeur wysiwyg
-		if ($conf->fckeditor->enabled && $conf->global->FCKEDITOR_ENABLE_MAILING)
+		if ($conf->fckeditor->enabled && $conf->global->FCKEDITOR_ENABLE_SOCIETE)
 	    {
 			require_once(DOL_DOCUMENT_ROOT."/lib/doleditor.class.php");
 			$doleditor=new DolEditor('note',$societe->note,280,'dolibarr_notes');