diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index b53debd79ba..47897902a9c 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -48,7 +48,7 @@ $object = new Paiement($db); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. -$result = restrictedArea($user, $object->element, $object->id, 'paiement', ''); +$result = restrictedArea($user, $object->element, $object->id, 'paiement'); // Security check if ($user->socid) $socid = $user->socid; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index f8bde1ce489..c1eda701604 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -185,7 +185,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; - //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; + //print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
"; $parentfortableentity = ''; @@ -374,6 +374,8 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f } elseif ($feature == 'salaries') { if (!$user->rights->salaries->delete) $deleteok = 0; + } elseif ($feature == 'payment') { + if (!$user->rights->facture->paiement) $deleteok = 0; } elseif ($feature == 'payment_supplier') { if (!$user->rights->fournisseur->facture->creer) { $deleteok = 0; }