From 40737eac2e23e4fea3cef83a1faa1c6681f59e00 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 2 Feb 2017 02:49:04 +0100
Subject: [PATCH 1/5] FIX #6361
---
 htdocs/comm/propal/class/propal.class.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index f10d82fdbfa..aabb64d289c 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -2764,6 +2764,8 @@ class Propal extends CommonObject
 */
 function availability($availability_id, $notrigger=0)
 {
+ global $user;
+
 if ($this->statut >= self::STATUS_DRAFT)
 {
 $error=0;

From 4d78e0d45c9a7b3b3c262fedf26d8e51a837f9f9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 2 Feb 2017 02:53:32 +0100
Subject: [PATCH 2/5] FIX #6315
---
 htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
index 2257b7b67c4..e54623e1993 100644
--- a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2010-2011 Regis Houssin
 * Copyright (C) 2014 Marcos GarcĂ­a
 * Copyright (C) 2015 Charlie Benke
+ * Copyright (C) 2016 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,7 +16,6 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
- *
 */
 ?>
@@ -48,7 +48,7 @@ foreach($linkedObjectBlock as $key => $objectlink)
 rights->fournisseur->facture->lire) {
 $sign = 1;
- if ($object->type == Facture::TYPE_CREDIT_NOTE) $sign = -1;
+ if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE) $sign = -1;
 if ($objectlink->statut != 3) // If not abandonned
 {
 $total = $total + $sign * $objectlink->total_ht;

From b5ca8ebef9a0cd771e3098fa947f990ac040b623 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 2 Feb 2017 03:07:40 +0100
Subject: [PATCH 3/5] FIX #6316
---
 htdocs/projet/element.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index da58b8b957c..91fc048c981 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -817,8 +817,8 @@ foreach ($listofreferent as $key => $value)
 }
 else if ($element_doc === 'invoice_supplier')
 {
 $element_doc='facture_fournisseur';
- $filename = get_exdir($element->id,2,0,0,$this,'product').dol_sanitizeFileName($element->ref);
- $filedir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($element->id,2,0,0,null,'invoice_supplier').dol_sanitizeFileName($element->ref);
+ $filename = get_exdir($element->id,2,0,0,$element,'product').dol_sanitizeFileName($element->ref);
+ $filedir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($element->id,2,0,0,$element,'invoice_supplier').dol_sanitizeFileName($element->ref);
 }
 print '
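Review bot: In htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php the sign for a credit note is still taken from `$object->type`, while the amount added to `$total` two lines later comes from `$objectlink`, the loop variable of the `foreach` named in the hunk header. If this block can be rendered for a parent `$object` that is not a supplier invoice, comparing its `type` with `FactureFournisseur::TYPE_CREDIT_NOTE` may not test what the line intends. Please confirm which object is meant, and either test `$objectlink->type` or document the choice with a comment such as `// Sign follows the parent object, not the linked invoice`. The loop body starts and ends outside the hunk.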
'.$formfile->getDocumentsLink($element_doc, $filename, $filedir).'
';

From d740bdbc7385b595b33b388da71a6a6760fe37ae Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 3 Feb 2017 11:38:09 +0100
Subject: [PATCH 4/5] Fix #6365
---
 htdocs/api/class/api.class.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php
index 5ffae225df1..37843be90b9 100644
--- a/htdocs/api/class/api.class.php
+++ b/htdocs/api/class/api.class.php
@@ -170,7 +170,10 @@ class DolibarrApi
 * @throws RestException
 */
 static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
-
+
+ // For backward compatibility
+ if ($resource == 'member') $resource='adherent';
+
 // Features/modules to check
 $featuresarray = array($resource);
 if (preg_match('/&/', $resource)) {

From 76280f8ae2044f3c0d2d4b5c80e2193d4dcddb87 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 3 Feb 2017 11:42:49 +0100
Subject: [PATCH 5/5] Fix #6365
---
 htdocs/api/class/api.class.php | 5 +----
 htdocs/core/lib/security.lib.php | 5 ++++-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/htdocs/api/class/api.class.php b/htdocs/api/class/api.class.php
index 37843be90b9..1204fded0aa 100644
--- a/htdocs/api/class/api.class.php
+++ b/htdocs/api/class/api.class.php
@@ -171,9 +171,6 @@ class DolibarrApi
 */
 static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
- // For backward compatibility
- if ($resource == 'member') $resource='adherent';
-
 // Features/modules to check
 $featuresarray = array($resource);
 if (preg_match('/&/', $resource)) {
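Review bot: In the `invoice_supplier` branch of htdocs/projet/element.php (PATCH 3/5), the new `$filename` line still passes modulepart `'product'` to `get_exdir()` while `$filedir` on the next line passes `'invoice_supplier'`, so the two calls may resolve to different sub-paths for the same `$element`. This looks like a copy-paste leftover that the `$this` to `$element` fix did not touch. If it is not intentional, `$filename = get_exdir($element->id,2,0,0,$element,'invoice_supplier').dol_sanitizeFileName($element->ref);` would keep the name passed to `getDocumentsLink()` consistent with the directory. The enclosing `foreach` and the other branches are outside the hunk, so how they build these two values is not visible here.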
@@ -188,7 +185,7 @@ class DolibarrApi
 $feature2 = explode("|", $feature2);
 }
- return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
+ return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray, $resource_id, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
 }
 /**
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index ced20a79ea6..31ea31aca14 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -343,7 +343,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
 * This function is also called by restrictedArea
 *
 * @param User $user User to check
- * @param array $featuresarray Features/modules to check
+ * @param array $featuresarray Features/modules to check. Example: ('user','service')
 * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
 * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
 * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
@@ -365,6 +365,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 {
 $sql='';
+ // For backward compatibility
+ if ($feature == 'member') $feature='adherent';
+
 $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
 $checksoc = array('societe'); // Test for societe object
 $checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
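Review bot: In `checkUserAccessToObject()` (htdocs/core/lib/security.lib.php, last hunk) the added alias `if ($feature == 'member') $feature='adherent';` only helps because `'adherent'` is then found in `$check`. What happens to a feature name that matches none of `$check`, `$checksoc` or `$checkother` is outside the hunk. If that path builds no `$sql` and therefore skips the record-level test, any unrecognised or misspelled resource name is allowed by default, which is presumably how `'member'` got through before this fix. I would confirm that the fall-through denies, or at least logs, rather than adding aliases one at a time. The comparison should also be strict, `if ($feature === 'member') $feature = 'adherent';`, and the comment could name the caller that still passes `'member'`.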