From 8ccc57e70fbfccd482a91c82bfb82da0eaac3d64 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 2 Mar 2017 11:46:31 +0100
Subject: [PATCH] Fix compatibility with multicompany

---
 htdocs/core/lib/security.lib.php  | 4 ++--
 htdocs/expensereport/document.php | 2 +-
 htdocs/expensereport/info.php     | 2 +-
 htdocs/expensereport/note.php     | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 31ea31aca14..c20169270bf 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -102,7 +102,7 @@ function dol_hash($chain,$type=0)
  *	@param	User	$user      	  	User to check
  *	@param  string	$features	    Features to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
  *	@param  int		$objectid      	Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
- *	@param  string	$tableandshare  'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
+ *	@param  string	$tableandshare  'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
  *	@param  string	$feature2		Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
  *  @param  string	$dbt_keyfield   Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
  *  @param  string	$dbt_select     Field name for select if not rowid. Not used if objectid is null (optional)
@@ -345,7 +345,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
  * @param User		$user			User to check
  * @param array		$featuresarray	Features/modules to check. Example: ('user','service') 
  * @param int		$objectid		Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
- * @param string	$tableandshare	'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
+ * @param string	$tableandshare	'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
  * @param string	$feature2		Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
  * @param string	$dbt_keyfield	Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
  * @param string	$dbt_select		Field name for select if not rowid. Not used if objectid is null (optional)
diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php
index 0ada24ed89e..470e2ec3346 100644
--- a/htdocs/expensereport/document.php
+++ b/htdocs/expensereport/document.php
@@ -46,7 +46,7 @@ $confirm = GETPOST('confirm','alpha');
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'expensereport', $id, '');
+$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
 
 
 // Get parameters
diff --git a/htdocs/expensereport/info.php b/htdocs/expensereport/info.php
index 476a547c8f0..21ee44df97a 100644
--- a/htdocs/expensereport/info.php
+++ b/htdocs/expensereport/info.php
@@ -33,7 +33,7 @@ $langs->load("trips");
 // Security check
 $id = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'expensereport', $id, '');
+$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
 
 
 /*
diff --git a/htdocs/expensereport/note.php b/htdocs/expensereport/note.php
index 71ba4eb32dd..636e54c654e 100644
--- a/htdocs/expensereport/note.php
+++ b/htdocs/expensereport/note.php
@@ -42,7 +42,7 @@ $action=GETPOST('action','alpha');
 // Security check
 $socid=0;
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'expensereport',$id,'');
+$result=restrictedArea($user,'expensereport',$id,'expensereport');
 
 
 $object = new ExpenseReport($db);