From bc7bd77cea161c4be3055dfdd729ced407f03432 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 17 Jan 2018 15:54:27 +0100
Subject: [PATCH] Fix permission to open supplier order

---
 htdocs/fourn/commande/card.php     |  2 +-
 htdocs/fourn/commande/contact.php  | 18 +++++++++---------
 htdocs/fourn/commande/dispatch.php |  2 +-
 htdocs/fourn/commande/document.php |  2 +-
 htdocs/fourn/commande/info.php     |  2 +-
 htdocs/fourn/commande/note.php     |  2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index a3ce8ba52df..d952eb771da 100644
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -81,7 +81,7 @@ $datelivraison=dol_mktime(GETPOST('liv_hour','int'), GETPOST('liv_min','int'), G
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('ordersuppliercard','globalcard'));
diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php
index ce9ce39ac4a..ff17df2bd9d 100644
--- a/htdocs/fourn/commande/contact.php
+++ b/htdocs/fourn/commande/contact.php
@@ -44,7 +44,7 @@ $action	= GETPOST('action', 'alpha');
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 $object = new CommandeFournisseur($db);
 
@@ -141,11 +141,11 @@ if ($id > 0 || ! empty($ref))
 
 		$head = ordersupplier_prepare_head($object);
 		dol_fiche_head($head, 'contact', $langs->trans("SupplierOrder"), 0, 'order');
-		
+
 		// Supplier order card
-	
+
 		$linkback = '<a href="'.DOL_URL_ROOT.'/fourn/commande/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
-		
+
 		$morehtmlref='<div class="refidno">';
 		// Ref supplier
 		$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, 0, 'string', '', 0, 1);
@@ -186,12 +186,12 @@ if ($id > 0 || ! empty($ref))
 		    }
 		}
 		$morehtmlref.='</div>';
-		
-		
-		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);	
-		
+
+
+		dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', '', 1);
+
 		dol_fiche_end();
-		
+
 		// Contacts lines
 		include DOL_DOCUMENT_ROOT.'/core/tpl/contacts.tpl.php';
 
diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index f4f05f96b78..2daafbbb4be 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -56,7 +56,7 @@ $lineid = GETPOST('lineid', 'int');
 $action = GETPOST('action','aZ09');
 if ($user->societe_id)
 	$socid = $user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 if (empty($conf->stock->enabled)) {
 	accessforbidden();
diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php
index df04b06939c..a2478c4c2f9 100644
--- a/htdocs/fourn/commande/document.php
+++ b/htdocs/fourn/commande/document.php
@@ -54,7 +54,7 @@ $confirm = GETPOST('confirm','alpha');
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 // Get parameters
 $sortfield = GETPOST("sortfield",'alpha');
diff --git a/htdocs/fourn/commande/info.php b/htdocs/fourn/commande/info.php
index 67d57b658fd..b3e777a1361 100644
--- a/htdocs/fourn/commande/info.php
+++ b/htdocs/fourn/commande/info.php
@@ -56,7 +56,7 @@ $search_agenda_label=GETPOST('search_agenda_label');
 // Security check
 $socid=0;
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'fournisseur',$id,'', 'commande');
+$result=restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 if (!$user->rights->fournisseur->commande->lire)	accessforbidden();
 
diff --git a/htdocs/fourn/commande/note.php b/htdocs/fourn/commande/note.php
index 85c7094265b..44edbdc8f00 100644
--- a/htdocs/fourn/commande/note.php
+++ b/htdocs/fourn/commande/note.php
@@ -43,7 +43,7 @@ $action = GETPOST('action','aZ09');
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 $object = new CommandeFournisseur($db);
 $object->fetch($id, $ref);