diff --git a/htdocs/docsoc.php b/htdocs/docsoc.php
index b953e8ff1d4..d203e96d8fc 100644
--- a/htdocs/docsoc.php
+++ b/htdocs/docsoc.php
@@ -34,32 +34,12 @@ require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 $langs->load("companies");
 $langs->load('other');
-$user->getrights('commercial');
-
 $mesg = "";
-// Sécurité accés client
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($socid == '') accessforbidden();
-if ($user->societe_id > 0)
-{
-	$action = '';
-	$socid = $user->societe_id;
-}
-
-// Protection restriction commercial
-if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
-{
-	$sql = "SELECT sc.fk_soc, s.client";
-	$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
-	$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
-
-	if ( $db->query($sql) )
-	{
-		if ( $db->num_rows() == 0) accessforbidden();
-	}
-}
+// Sécurité d'accès client et commerciaux
+$security = restrictedArea($user, 'commercial', $socid, 'societe');
 /*
  * Actions
diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php
index 2a77df0ae15..0db8ea0058b 100644
--- a/htdocs/lib/functions.inc.php
+++ b/htdocs/lib/functions.inc.php
@@ -1259,6 +1259,7 @@ function dol_loginfunction($notused,$pearstatus)
 	global $db;
 	$user->getrights($modulename);
+	$user->getrights('commercial');
 	$socid = 0;
 	//si dbtable non défini, même nom que le module
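Review bot: The removed `if ($socid == '') accessforbidden();` has no counterpart in the new code: `restrictedArea()` (functions.inc.php hunk) only runs its check inside `if ($objectid)`, so a request without `socid` now falls through to the rest of the page instead of being denied, and `$socid` is handed over unvalidated, straight from `$_GET["socid"]`, to be concatenated into the query built there. I would keep the empty-id guard ahead of the call, `if ($socid == '') accessforbidden();`, and pass an integer, `$security = restrictedArea($user, 'commercial', (int) $socid, 'societe');`. `$security` is assigned but never used in this hunk, and the functions.inc.php hunks drop the function's `return -1`/`return -2`, so a plain call would do. Note also that the old query here joined `societe as s` and required `s.client = 1`; that client-only restriction is not carried over by the generic check.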
@@ -1267,31 +1268,47 @@ function dol_loginfunction($notused,$pearstatus)
 	if (!$user->rights->$modulename->lire)
 	{
 		accessforbidden();
-		return -1;
+	}
+	else if (!$user->rights->$modulename->creer)
+	{
+		if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
+		{
+			accessforbidden();
+		}
 	}
 	if ($user->societe_id > 0)
 	{
-		$socid = $user->societe_id;
+		$_GET["action"] = '';
+		$_POST["action"] = '';
+		$user_socid = $user->societe_id;
 	}
-
-	if ($objectid && (!$user->rights->commercial->client->voir || $socid > 0))
+
+	if ($objectid)
 	{
-		$sql = "SELECT sc.fk_soc, dbt.fk_soc";
-		$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
-		$sql .= " WHERE dbt.rowid = ".$objectid;
-		if (!$user->rights->commercial->client->voir && !$socid > 0)
-		{
-			$sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
+		if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$user_socid > 0)
+		{
+			$sql = "SELECT sc.fk_soc";
+			$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+			$sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
+		}
+		else if ($objectid && (!$user->rights->commercial->client->voir || $user_socid > 0))
+		{
+			$sql = "SELECT sc.fk_soc, dbt.fk_soc";
+			$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+			$sql .= " WHERE dbt.rowid = ".$objectid;
+			if (!$user->rights->commercial->client->voir && !$user_socid > 0)
+			{
+				$sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
+			}
+			if ($user_socid > 0) $sql .= " AND dbt.fk_soc = ".$user_socid;
 		}
-		if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid;
 		if ($db->query($sql))
 		{
 			if ($db->num_rows() == 0)
 			{
 				accessforbidden();
-				return -2;
 			}
 		}
 	}
diff --git a/htdocs/soc.php b/htdocs/soc.php
index a287be30e4e..785eceb6ef8 100644
--- a/htdocs/soc.php
+++ b/htdocs/soc.php
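Review bot: The widened `if ($objectid)` guard no longer guarantees that `$sql` is set before `$db->query($sql)` runs: a user who has `commercial->client->voir` and no `societe_id` matches neither the `societe` branch nor the `else if`, so the query is issued with an undefined `$sql`, and the only reason the page stays reachable is that a failed query skips `accessforbidden()` — the check is fail-open, which equally applies to any SQL error in the two branches that do build `$sql` (`$objectid`, taken from `$_GET["socid"]` in the docsoc.php and soc.php hunks, is concatenated into the WHERE clause without a cast). `$user_socid` is read in both branches but only assigned when `$user->societe_id > 0`, while the `$socid = 0;` initialisation kept in the previous hunk is now dead. I would initialise both variables, run the query only when a branch built it, deny on query failure as well as on an empty result, and drop the redundant `$objectid &&` inside the `else if`. The enclosing function — evidently the `restrictedArea()` called from the other two files — starts and ends outside this hunk.
```php
	// … unchanged: lire / creer rights checks …
	$user_socid = 0;
	$sql = '';
	if ($user->societe_id > 0)
	{
		$_GET["action"] = '';
		$_POST["action"] = '';
		$user_socid = $user->societe_id;
	}

	if ($objectid)
	{
		// … unchanged: the two branches that build $sql …

		// Nothing built a query => no link restriction applies.
		// A query that fails must deny, never silently allow.
		if ($sql)
		{
			$resql = $db->query($sql);
			if (! $resql || $db->num_rows() == 0)
			{
				accessforbidden();
			}
		}
	}
```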
@@ -33,42 +33,16 @@ require("pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
-$user->getrights('societe');
-$user->getrights('commercial');
-
 $langs->load("companies");
 $langs->load("commercial");
 $langs->load("bills");
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-// Sécurité accés client
-if (! $user->rights->societe->creer)
-{
-	if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
-	{
-		accessforbidden();
-	}
-}
-if ($user->societe_id > 0)
-{
-	$_GET["action"] = '';
-	$_POST["action"] = '';
-	$socid = $user->societe_id;
-}
+// Sécurité d'accès client et commerciaux
+$security = restrictedArea($user, 'societe', $socid);
+print $security;
-// Protection restriction commercial
-if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
-{
-	$sql = "SELECT sc.fk_soc";
-	$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
-	$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
-
-	if ( $db->query($sql) )
-	{
-		if ( $db->num_rows() == 0) accessforbidden();
-	}
-}
 // Initialisation de l'objet Societe
 $soc = new Societe($db);
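Review bot: `print $security;` after the new `restrictedArea()` call looks like a debugging leftover: the docsoc.php hunk makes the same call without printing, the functions.inc.php hunks remove the function's `return -1`/`return -2`, so there is no meaningful value to print, and any output this early lands before whatever sends the page headers further down (not visible here — confirm). Replace the two lines with a plain `restrictedArea($user, 'societe', $socid);`. Two behaviours of the removed block are not carried over: the page no longer forces `$socid = $user->societe_id` for external users — that override now lives in `restrictedArea()`'s local `$user_socid`, so the page continues with the requested id and relies entirely on the `dbt.fk_soc = $user_socid` filter, which for this caller is applied to the societe table itself; if that table has no `fk_soc` column the query fails and the fail-open `if ($db->query($sql))` in functions.inc.php lets the external user through (check against the schema). `$socid` is also still the raw `$_GET["socid"]` string that `restrictedArea()` concatenates into SQL; casting it at the call, `restrictedArea($user, 'societe', (int) $socid);`, closes that surface without touching the context line.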