From b859d4670a406ca248303f1914f7d3e07fa1d290 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 18 Feb 2020 22:49:53 +0100
Subject: [PATCH] Fix perm

---
 htdocs/api/class/api_documents.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php
index 9bde1f0108f..c2b57158aec 100644
--- a/htdocs/api/class/api_documents.class.php
+++ b/htdocs/api/class/api_documents.class.php
@@ -279,7 +279,8 @@ class Documents extends DolibarrApi
 		{
 			require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
 
-			if (!DolibarrApiAccess::$user->rights->societe->lire) {
+			// Can get doc if has permission to read all user or if it is user itself
+			if (!DolibarrApiAccess::$user->rights->user->user->lire && $user->id != $id) {
 				throw new RestException(401);
 			}