From df7ca14b2c770308d8b833ed1b54388034ed91ec Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO
Date: Tue, 8 Sep 2020 04:58:25 +0200
Subject: [PATCH] Security access
---
 htdocs/accountancy/admin/card.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php
index bc695da0203..4ad131f5170 100644
--- a/htdocs/accountancy/admin/card.php
+++ b/htdocs/accountancy/admin/card.php
@@ -44,6 +44,8 @@ $cancel = GETPOST('cancel', 'alpha');
 $accountingaccount = GETPOST('accountingaccount', 'alpha');
 // Security check
+if ($user->socid > 0) accessforbidden();
+if (!$user->rights->accounting->chartofaccount) accessforbidden();
 $object = new AccountingAccount($db);
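Review bot: The permission test on the second added line reads `$user->rights->accounting->chartofaccount` directly, so a user whose rights object has no `accounting` entry is denied only because PHP evaluates the missing property chain to null, emitting a notice (a warning on PHP 8) on each such request. `if (empty($user->rights->accounting->chartofaccount)) accessforbidden();` denies in the same cases without depending on that behaviour. Both checks gate the whole page on a single right, and they run at script top level whose remainder is outside this hunk, so it is worth confirming that any state-changing handling further down needs nothing stricter than `chartofaccount`. A short comment above the first check, e.g. `// External (third-party) users never get access to accounting setup`, would make the intent of the `socid` test clear.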