diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index a1e648e1c21..d188321cb22 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -55,7 +55,7 @@ if ($_GET["subaction"] == 'delrights' && $user->admin)
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
{
- if ($_GET["id"] <> $user->id)
+ if ($_GET["id"] <> $user->id && $user->admin)
{
$edituser = new User($db, $_GET["id"]);
$edituser->fetch($_GET["id"]);
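Review bot: The guard on the changed line compares the raw `$_GET["id"]` with `$user->id` using the loose `<>` operator, and the same unvalidated string is then passed to `new User($db, $_GET["id"])` and `fetch($_GET["id"])`. Loose comparison of a request string with an id follows PHP's type-juggling rules, so the self-delete check and the later lookup may not agree on which account is meant; whether `fetch()` escapes its argument is not visible here. I would cast once with `$id = (int) $_GET["id"];`, test `if ($id !== (int) $user->id && $user->admin)`, and pass `$id` to both calls. The body of this `if` continues outside the hunk.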
@@ -70,40 +70,45 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
if ($_POST["action"] == 'add' && $user->admin)
{
$message="";
- if (! $_POST["nom"]) {
- $message='
'.$langs->trans("NameNotDefined").'
';
- $action="create"; // Go back to create page
- }
- if (! $_POST["login"]) {
- $message=''.$langs->trans("LoginNotDefined").'
';
- $action="create"; // Go back to create page
- }
- if (! $message) {
- $edituser = new User($db,0);
-
- $edituser->nom = trim($_POST["nom"]);
- $edituser->note = trim($_POST["note"]);
- $edituser->prenom = trim($_POST["prenom"]);
- $edituser->login = trim($_POST["login"]);
- $edituser->email = trim($_POST["email"]);
- $edituser->admin = trim($_POST["admin"]);
- $edituser->webcal_login = trim($_POST["webcal_login"]);
-
- $id = $edituser->create();
-
- if ($id) {
- if (isset($_POST['password']) && trim($_POST['password']))
- {
- $edituser->password(trim($_POST['password']),$conf->password_encrypted);
- }
-
- Header("Location: fiche.php?id=$id");
- }
- else {
- $message=''.$langs->trans("ErrorLoginAlreadyExists",$edituser->login).'
';
+ if (! $_POST["nom"])
+ {
+ $message=''.$langs->trans("NameNotDefined").'
';
$action="create"; // Go back to create page
}
- }
+ if (! $_POST["login"])
+ {
+ $message=''.$langs->trans("LoginNotDefined").'
';
+ $action="create"; // Go back to create page
+ }
+ if (! $message)
+ {
+ $edituser = new User($db,0);
+
+ $edituser->nom = trim($_POST["nom"]);
+ $edituser->note = trim($_POST["note"]);
+ $edituser->prenom = trim($_POST["prenom"]);
+ $edituser->login = trim($_POST["login"]);
+ $edituser->email = trim($_POST["email"]);
+ $edituser->admin = trim($_POST["admin"]);
+ $edituser->webcal_login = trim($_POST["webcal_login"]);
+
+ $id = $edituser->create();
+
+ if ($id)
+ {
+ if (isset($_POST['password']) && trim($_POST['password']))
+ {
+ $edituser->password(trim($_POST['password']),$conf->password_encrypted);
+ }
+
+ Header("Location: fiche.php?id=$id");
+ }
+ else
+ {
+ $message=''.$langs->trans("ErrorLoginAlreadyExists",$edituser->login).'
';
+ $action="create"; // Go back to create page
+ }
+ }
}
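Review bot: The call `$edituser->password(trim($_POST['password']),$conf->password_encrypted)` in the `if ($id)` branch does not match the argument shape used by the `password` action further down, `$edituser->password($user,'',$conf->password_encrypted)`, and its return value is ignored. The method's signature is not on this page, but if its first parameter is the acting user, the new account may end up with a password other than the one the administrator typed; check it against `User::password()` and align the call, for instance `$edituser->password($user, trim($_POST['password']), $conf->password_encrypted)` if that is the signature. I would also test the result and set `$message` on failure instead of redirecting unconditionally. `Header("Location: fiche.php?id=$id");` should be followed by `exit;` so the rest of the script does not run after the redirect is queued.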
@@ -112,7 +117,7 @@ if ($_GET["action"] == 'password' && $user->admin)
{
$edituser = new User($db, $_GET["id"]);
$edituser->fetch();
-
+
if ($edituser->password($user,'',$conf->password_encrypted))
{
$message = ''.$langs->trans("PasswordChangedAndSentTo",$edituser->email).'
';
@@ -145,7 +150,7 @@ if ($_GET["id"])
$head[$h][1] = $langs->trans("UserCard");
$h++;
- $head[$h][0] = DOL_URL_ROOT.'/user/fiche.php?action=perms&id='.$fuser->id;
+ $head[$h][0] = DOL_URL_ROOT.'/user/perms.php?id='.$fuser->id;
$head[$h][1] = $langs->trans("Permissions");
$hselected=$h;
$h++;
@@ -215,29 +220,38 @@ if ($_GET["id"])
}
print '';
-
-
- if (in_array($obj->id, $perms))
+ if ( $user->admin )
{
- print '| | ';
- print '';
- print "id."&action=perms&subaction=delrights&rights=".$obj->id."\">".img_edit_remove()."\n";
- print ' | ';
+ if (in_array($obj->id, $perms))
+ {
+ print ' | ';
+ print '';
+ print "id."&action=perms&subaction=delrights&rights=".$obj->id."\">".img_edit_remove()."\n";
+ print ' | ';
+
+ }
+ else
+ {
+ print '';
+ print ''.img_edit_add().'';
+ print ' | ';
+ print ' | ';
+ }
+
+ print ''.$obj->libelle . ' | '.$obj->module . ' | ';
+ print '
';
}
else
{
- print '';
- print ''.img_edit_add().'';
- print ' | ';
- print ' | ';
+ if (in_array($obj->id, $perms))
+ {
+ print ' | | ';
+ print ''.$obj->libelle . ' | '.$obj->module . ' | ';
+ print '';
+ }
}
-
-
- print ''.$obj->libelle . ' | '.$obj->module . ' | ';
- print '';
-
$i++;
}
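Review bot: The new `if ( $user->admin )` branch only decides whether the grant and revoke links are printed; the change itself is still triggered by a plain GET link (`...&subaction=delrights&rights=`), and no per-session token is visible in the link or in the `delrights` handler condition shown in the first hunk's header. A state change reachable by GET can be fired by any page an administrator's browser loads, so I would move grant and revoke to a POST form carrying a token that the handler verifies alongside `$user->admin`; the GET-triggered `password` action has the same shape. Separately, `$obj->libelle` and `$obj->module` are printed unescaped in both branches, and wrapping them in `htmlspecialchars(..., ENT_QUOTES)` would be safer if those labels can come from anything other than trusted code. The loop body starts outside the hunk.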