From e4c97f0b153b9e354c944d41d81940f64d9b2bd3 Mon Sep 17 00:00:00 2001
From: VESSILLER <lvessiller@open-dsi.fr>
Date: Wed, 11 Mar 2020 17:16:44 +0100
Subject: [PATCH] FIX user permission on ajax request getInvoice

---
 htdocs/takepos/ajax/ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/takepos/ajax/ajax.php b/htdocs/takepos/ajax/ajax.php
index 53f32ff48af..b43d7653b4b 100644
--- a/htdocs/takepos/ajax/ajax.php
+++ b/htdocs/takepos/ajax/ajax.php
@@ -120,7 +120,7 @@ elseif ($action == 'search' && $term != '') {
         $object->fetch($id);
         $ret = $printer->sendToPrinter($object, $conf->global->{'TAKEPOS_TEMPLATE_TO_USE_FOR_INVOICES'.$term}, $conf->global->{'TAKEPOS_PRINTER_TO_USE'.$term});
     }
-} elseif ($action == 'getInvoice') {
+} elseif ($action == 'getInvoice' && $user->rights->facture->lire) {
 	require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
 
 	$object = new Facture($db);