diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php
index 1ed58b2905a..b90ea227037 100644
--- a/htdocs/core/modules/DolibarrModules.class.php
+++ b/htdocs/core/modules/DolibarrModules.class.php
@@ -1736,10 +1736,10 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 	/**
 	 * Adds access rights
 	 *
-	 * @param  int $reinitadminperms If 1, we also grant them to all admin users
-	 * @param  int $force_entity     Force current entity
-	 * @param  int $notrigger        1=Does not execute triggers, 0= execute triggers
-	 * @return int                     Error count (0 if OK)
+	 * @param  int $reinitadminperms 	If 1, we also grant them to all admin users
+	 * @param  int $force_entity     	Force current entity
+	 * @param  int $notrigger        	1=Does not execute triggers, 0= execute triggers
+	 * @return int                     	Error count (0 if OK)
 	 */
 	public function insert_permissions($reinitadminperms = 0, $force_entity = null, $notrigger = 0)
 	{
@@ -1761,16 +1761,19 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 
 		if ($resql) {
 			$obj = $this->db->fetch_object($resql);
+
 			if ($obj !== null && !empty($obj->value) && !empty($this->rights)) {
+				include_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
+
 				// If the module is active
 				foreach ($this->rights as $key => $value) {
-					$r_id       = $this->rights[$key][0];
+					$r_id       = $this->rights[$key][0];	// permission id in llx_rights_def (not unique because primary key is couple id-entity)
 					$r_desc     = $this->rights[$key][1];
 					$r_type     = isset($this->rights[$key][2]) ? $this->rights[$key][2] : '';
 					$r_def      = empty($this->rights[$key][3]) ? 0 : $this->rights[$key][3];
 					$r_perms    = $this->rights[$key][4];
 					$r_subperms = isset($this->rights[$key][5]) ? $this->rights[$key][5] : '';
-					$r_modul = empty($this->rights_class) ?strtolower($this->name) : $this->rights_class;
+					$r_modul = empty($this->rights_class) ? strtolower($this->name) : $this->rights_class;
 
 					if (empty($r_type)) {
 						$r_type = 'w';
@@ -1823,21 +1826,20 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it
 
 					// If we want to init permissions on admin users
 					if ($reinitadminperms) {
-						if (!class_exists('User')) {
-							include_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
-						}
 						$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."user WHERE admin = 1";
 						dol_syslog(get_class($this)."::insert_permissions Search all admin users", LOG_DEBUG);
+
 						$resqlseladmin = $this->db->query($sql, 1);
+
 						if ($resqlseladmin) {
 							$num = $this->db->num_rows($resqlseladmin);
 							$i = 0;
 							while ($i < $num) {
-								  $obj2 = $this->db->fetch_object($resqlseladmin);
-								  dol_syslog(get_class($this)."::insert_permissions Add permission to user id=".$obj2->rowid);
+								$obj2 = $this->db->fetch_object($resqlseladmin);
+								dol_syslog(get_class($this)."::insert_permissions Add permission id '.$r_id.' to user id=".$obj2->rowid);
 
-								  $tmpuser = new User($this->db);
-								  $result = $tmpuser->fetch($obj2->rowid);
+								$tmpuser = new User($this->db);
+								$result = $tmpuser->fetch($obj2->rowid);
 								if ($result > 0) {
 									$tmpuser->addrights($r_id, '', '', 0, 1);
 								} else {
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 1780c73fc69..58a38e8380b 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -786,9 +786,10 @@ class User extends CommonObject
 	{
 		global $conf, $user, $langs;
 
-		$entity = (!empty($entity) ? $entity : $conf->entity);
+		$entity = (empty($entity) ? $conf->entity : $entity);
+
+		dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms, $entity, $notrigger for user id=".$this->id);
 
-		dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms, $entity");
 		$error = 0;
 		$whereforadd = '';
 
@@ -797,7 +798,7 @@ class User extends CommonObject
 		if (!empty($rid)) {
 			$module = $perms = $subperms = '';
 
-			// Si on a demande ajout d'un droit en particulier, on recupere les caracteristiques (module, perms et subperms) de ce droit.
+			// If we ask to add a given permission, we first load properties of this permission (module, perms and subperms).
 			$sql = "SELECT module, perms, subperms";
 			$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 			$sql .= " WHERE id = ".((int) $rid);
@@ -817,9 +818,9 @@ class User extends CommonObject
 				dol_print_error($this->db);
 			}
 
-			// Where pour la liste des droits a ajouter
+			// Define the where for the permission to add
 			$whereforadd = "id=".((int) $rid);
-			// Ajout des droits induits
+			// Add also inherited permissions
 			if (!empty($subperms)) {
 				$whereforadd .= " OR (module='".$this->db->escape($module)."' AND perms='".$this->db->escape($perms)."' AND (subperms='lire' OR subperms='read'))";
 			} elseif (!empty($perms)) {
@@ -848,7 +849,7 @@ class User extends CommonObject
 			$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 			$sql .= " WHERE entity = ".((int) $entity);
 			if (!empty($whereforadd) && $whereforadd != 'allmodules') {
-				$sql .= " AND ".$whereforadd;
+				$sql .= " AND (".$whereforadd.")";	// Note: parenthesis are important because wheretoand can contains OR. Also note that $whereforadd is already sanitized
 			}
 
 			$result = $this->db->query($sql);