From f2771b33658ec0cd85974cfbc5501171e787068e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 25 Jan 2020 14:23:23 +0100 Subject: [PATCH] FIX #12896 --- htdocs/compta/cashcontrol/cashcontrol_card.php | 6 +++--- htdocs/compta/cashcontrol/cashcontrol_list.php | 4 ++-- htdocs/core/menus/standard/eldy.lib.php | 2 +- htdocs/core/modules/modCashDesk.class.php | 6 +++--- htdocs/core/modules/modTakePos.class.php | 6 +++--- htdocs/takepos/takepos.php | 3 +++ 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/htdocs/compta/cashcontrol/cashcontrol_card.php b/htdocs/compta/cashcontrol/cashcontrol_card.php index 7958d107ec8..4c60434619a 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_card.php +++ b/htdocs/compta/cashcontrol/cashcontrol_card.php @@ -56,7 +56,7 @@ if (!$sortfield) $sortfield = 'rowid'; if (!$sortorder) $sortorder = 'ASC'; // Security check -if (!$user->rights->cashdesk->use && !$user->rights->takepos->use) +if (!$user->rights->cashdesk->run && !$user->rights->takepos->run) { accessforbidden(); } @@ -82,8 +82,8 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard')); * Actions */ -$permissiontoadd = ($user->rights->cashdesk->use || $user->rights->takepos->use); -$permissiontodelete = ($user->rights->cashdesk->use || $user->rights->takepos->use) || ($permissiontoadd && $object->status == 0); +$permissiontoadd = ($user->rights->cashdesk->run || $user->rights->takepos->run); +$permissiontodelete = ($user->rights->cashdesk->run || $user->rights->takepos->run) || ($permissiontoadd && $object->status == 0); if (empty($backtopage)) $backtopage = dol_buildpath('/compta/cashcontrol/cashcontrol_card.php', 1).'?id='.($id > 0 ? $id : '__ID__'); $backurlforlist = dol_buildpath('/compta/cashcontrol/cashcontrol_list.php', 1); $triggermodname = 'CACHCONTROL_MODIFY'; // Name of trigger action code to execute when we modify record 
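Review bot: In the second hunk of cashcontrol_card.php, `$permissiontodelete` is `(cashdesk->run || takepos->run) || ($permissiontoadd && $object->status == 0)`, and since `$permissiontoadd` is that same expression, the status test after the `||` can never change the result. As far as this variable decides, anyone allowed to run the point of sale can delete a cash-control record whatever its status, and the cashcontrol_list.php hunk likewise grants delete on the same right as read. If closed records are meant to be protected, the line should read `$permissiontodelete = ($permissiontoadd && $object->status == 0);` or be gated by a separate delete right. If run is really meant to imply delete, drop the dead clause and say so in a comment, for example `// Running the POS also allows deleting cash fences, whatever their status`.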
diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index 5bf48189c4a..6c59276d600 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -168,8 +168,8 @@ if (empty($reshook)) // Mass actions $objectclass = 'CashControl'; $objectlabel = 'CashControl'; - $permissiontoread = ($user->rights->cashdesk->use || $user->rights->takepos->use); - $permissiontodelete = ($user->rights->cashdesk->use || $user->rights->takepos->use); + $permissiontoread = ($user->rights->cashdesk->run || $user->rights->takepos->run); + $permissiontodelete = ($user->rights->cashdesk->run || $user->rights->takepos->run); //$uploaddir = ''; //include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 253b745e25f..5a5a2c5628d 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1474,7 +1474,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM // Cash Control if (!empty($conf->takepos->enabled) || !empty($conf->cashdesk->enabled)) { - $permtomakecashfence = ($user->rights->cashdesk->use || $user->rights->takepos->use); + $permtomakecashfence = ($user->rights->cashdesk->run || $user->rights->takepos->run); $newmenu->add("/compta/cashcontrol/cashcontrol_list.php?action=list", $langs->trans("POS"), 0, $permtomakecashfence, '', $mainmenu, 'cashcontrol'); $newmenu->add("/compta/cashcontrol/cashcontrol_card.php?action=create", $langs->trans("NewCashFence"), 1, $permtomakecashfence); $newmenu->add("/compta/cashcontrol/cashcontrol_list.php?action=list", $langs->trans("List"), 1, $permtomakecashfence); diff --git a/htdocs/core/modules/modCashDesk.class.php b/htdocs/core/modules/modCashDesk.class.php index 83495ca1af6..afb5185fb51 100644 --- a/htdocs/core/modules/modCashDesk.class.php 
+++ b/htdocs/core/modules/modCashDesk.class.php @@ -85,10 +85,10 @@ class modCashDesk extends DolibarrModules $r++; $this->rights[$r][0] = 50101; - $this->rights[$r][1] = 'Use point of sale'; + $this->rights[$r][1] = 'Use Point of sale'; $this->rights[$r][2] = 'a'; $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'use'; + $this->rights[$r][4] = 'run'; // Main menu entries $this->menus = array(); // List of menus to add @@ -103,7 +103,7 @@ class modCashDesk extends DolibarrModules 'langs'=>'cashdesk', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position'=>900, 'enabled'=>'$conf->cashdesk->enabled', - 'perms'=>'$user->rights->cashdesk->use', // Use 'perms'=>'1' if you want your menu with no permission rules + 'perms'=>'$user->rights->cashdesk->run', // Use 'perms'=>'1' if you want your menu with no permission rules 'target'=>'pointofsale', 'user'=>0); // 0=Menu for internal users, 1=external users, 2=both diff --git a/htdocs/core/modules/modTakePos.class.php b/htdocs/core/modules/modTakePos.class.php index b5f79f79d8d..515f18cf690 100644 --- a/htdocs/core/modules/modTakePos.class.php +++ b/htdocs/core/modules/modTakePos.class.php @@ -199,10 +199,10 @@ class modTakePos extends DolibarrModules $r++; $this->rights[$r][0] = 50151; - $this->rights[$r][1] = 'Use point of sale'; + $this->rights[$r][1] = 'Use Point Of Sale'; $this->rights[$r][2] = 'a'; $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'use'; + $this->rights[$r][4] = 'run'; // Main menu entries 
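Review bot: The rename of the permission key from `use` to `run` on the `$this->rights[$r][4]` line (id 50101 here, id 50151 in the modTakePos.class.php hunk) comes with no upgrade step in the six files of this commit. If existing installations keep the stored permission definition under the old key until the module is re-activated, every check rewritten to `->run` would be empty for users who already hold the right; that fails closed, but it locks operators out of the cash desk after the upgrade. Please confirm how stored rights are refreshed, and add a comment above the line such as `// Key renamed from 'use' to 'run' (#12896): stored permission must be updated on existing installs`. The two labels now also differ in capitalisation ('Use Point of sale' here, 'Use Point Of Sale' in modTakePos), which looks unintended.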
@@ -221,7 +221,7 @@ class modTakePos extends DolibarrModules 'langs'=>'cashdesk', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position'=>1000+$r, 'enabled'=>'$conf->takepos->enabled', // Define condition to show or hide menu entry. Use '$conf->takepos->enabled' if entry must be visible if module is enabled. - 'perms'=>'1', // Use 'perms'=>'$user->rights->takepos->level1->level2' if you want your menu with a permission rules + 'perms'=>'$user->rights->takepos->run', // Use 'perms'=>'$user->rights->takepos->level1->level2' if you want your menu with a permission rules 'target'=>'takepos', 'user'=>2); // 0=Menu for internal users, 1=external users, 2=both diff --git a/htdocs/takepos/takepos.php b/htdocs/takepos/takepos.php index 78ead8ff9c5..a7fb413e5f4 100644 --- a/htdocs/takepos/takepos.php +++ b/htdocs/takepos/takepos.php @@ -78,6 +78,9 @@ if ($invoice->socid > 0) $soc->fetch($invoice->socid); else $soc->fetch($conf->global->$constforcompanyid); */ +// Security check +$result = restrictedArea($user, 'takepos', 0, ''); + /* * View
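Review bot: The new `restrictedArea($user, 'takepos', 0, '')` call in takepos.php lands at about line 81 of the script, after initialisation code that lies outside this hunk, and its return value is stored in `$result` but not used in the visible lines. It would be safer to place the check directly after the includes and parameter reads, so that nothing is loaded for a user without the right. restrictedArea is defined elsewhere, so please confirm that it tests the `run` key for the `takepos` feature rather than only a read-style key. This commit guards only this one script: no other file under htdocs/takepos/ appears in the diffstat, and any of them that can be requested directly needs its own check.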