From d1c1cf6bc04a93aff4d82c3242a4d1bde3fc6419 Mon Sep 17 00:00:00 2001
From: Cedric GROSS <c.gross@kreiz-it.fr>
Date: Tue, 7 May 2013 12:07:06 +0200
Subject: [PATCH] Fix invalid permission test when deleting services

---
 htdocs/product/class/product.class.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index a8803d6e5e8..0832ea2246e 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -5,6 +5,7 @@
  * Copyright (C) 2006      Andre Cianfarani     <acianfa@free.fr>
  * Copyright (C) 2007-2011 Jean Heimburger      <jean@tiaris.info>
  * Copyright (C) 2010-2011 Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2013	   Cedric GROSS	        <c.gross@kreiz-it.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -586,8 +587,12 @@ class Product extends CommonObject
 
 		$error=0;
 
-		if ($user->rights->produit->supprimer)
+		if (($this->type==0 && !$user->rights->produit->supprimer) || ($this->type==1 && !$user->rights->service->supprimer))
 		{
+			$this->error = "ErrorForbidden";
+			return 0;
+		}
+
 			$objectisused = $this->isObjectUsed($id);
 			if (empty($objectisused))
 			{
@@ -686,8 +691,6 @@ class Product extends CommonObject
 				return 0;
 			}
 		}
-		return 0;
-	}
 
 	/**
 	 *	Update ou cree les traductions des infos produits