
Fix bug huntr.dev

Laurent Destailleur 3 years ago
parent
commit
ad2e567571
42 changed files with 151 additions and 73 deletions
  1. 2 0
      htdocs/compta/bank/account_statement_document.php
  2. 2 0
      htdocs/compta/bank/document.php
  3. 3 0
      htdocs/compta/bank/various_payment/document.php
  4. 8 6
      htdocs/compta/deplacement/document.php
  5. 2 0
      htdocs/compta/sociales/document.php
  6. 3 1
      htdocs/compta/tva/document.php
  7. 9 6
      htdocs/contact/document.php
  8. 2 0
      htdocs/contrat/document.php
  9. 2 0
      htdocs/don/document.php
  10. 1 2
      htdocs/expedition/card.php
  11. 2 0
      htdocs/expedition/document.php
  12. 2 1
      htdocs/expensereport/card.php
  13. 8 7
      htdocs/expensereport/document.php
  14. 6 6
      htdocs/fichinter/card.php
  15. 2 0
      htdocs/fichinter/document.php
  16. 9 6
      htdocs/fourn/commande/document.php
  17. 2 0
      htdocs/fourn/facture/document.php
  18. 3 0
      htdocs/fourn/paiement/document.php
  19. 1 0
      htdocs/holiday/document.php
  20. 1 1
      htdocs/knowledgemanagement/knowledgerecord_document.php
  21. 2 0
      htdocs/loan/document.php
  22. 3 1
      htdocs/mrp/mo_document.php
  23. 3 3
      htdocs/product/card.php
  24. 2 2
      htdocs/product/document.php
  25. 4 4
      htdocs/product/stock/card.php
  26. 1 2
      htdocs/product/stock/productlot_document.php
  27. 1 0
      htdocs/projet/document.php
  28. 1 0
      htdocs/projet/tasks/document.php
  29. 7 3
      htdocs/resource/agenda.php
  30. 8 4
      htdocs/resource/card.php
  31. 10 3
      htdocs/resource/contact.php
  32. 7 1
      htdocs/resource/document.php
  33. 1 0
      htdocs/resource/element_resource.php
  34. 6 5
      htdocs/resource/list.php
  35. 5 3
      htdocs/resource/note.php
  36. 2 0
      htdocs/salaries/document.php
  37. 2 0
      htdocs/societe/document.php
  38. 10 0
      htdocs/supplier_proposal/document.php
  39. 1 1
      htdocs/ticket/document.php
  40. 2 3
      htdocs/user/document.php
  41. 1 0
      htdocs/website/index.php
  42. 2 2
      htdocs/workstation/workstation_document.php

+ 2 - 0
htdocs/compta/bank/account_statement_document.php

@@ -120,6 +120,8 @@ if (GETPOST("rel") == 'prev') {
 	$found = true;
 }
 
+$permissiontoadd = $user->rights->banque->modifier;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 2 - 0
htdocs/compta/bank/document.php

@@ -74,6 +74,8 @@ if ($id > 0 || !empty($ref)) {
 
 $result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');
 
+$permissiontoadd = $user->rights->banque->modifier;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 3 - 0
htdocs/compta/bank/various_payment/document.php

@@ -69,6 +69,9 @@ $object->fetch($id, $ref);
 $upload_dir = $conf->bank->dir_output.'/'.dol_sanitizeFileName($object->id);
 $modulepart = 'banque';
 
+$permissiontoadd = $user->rights->banque->modifier;	// Used by the include of actions_dellink.inc.php
+
+
 
 /*
  * Actions

+ 8 - 6
htdocs/compta/deplacement/document.php

@@ -42,12 +42,6 @@ $ref = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'deplacement', $id, '');
-
 
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
@@ -74,6 +68,14 @@ $object->fetch($id, $ref);
 $upload_dir = $conf->deplacement->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'trip';
 
+// Security check
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'deplacement', $id, '');
+
+$permissiontoadd = $user->rights->deplacement->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions
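Review bot: The relocated check `$result = restrictedArea($user, 'deplacement', $id, '');` still passes the raw `$id` even though it now runs after `$object->fetch($id, $ref)`, so a page opened by `ref` alone is presumably checked with an empty id; the same form is kept in contact/document.php, expensereport/document.php, fichinter/card.php and fourn/commande/document.php, whereas resource/contact.php in this commit switches the argument to `$object->id`. Consider `$result = restrictedArea($user, 'deplacement', $object->id, '');` here and the same change in those files. fourn/commande/document.php also initialises `$socid = 0;` before its `if ($user->socid)` test while the other relocated blocks do not, so if `$socid` is read later in those files it may be undefined for internal users — worth confirming outside the hunk.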

+ 2 - 0
htdocs/compta/sociales/document.php

@@ -78,6 +78,8 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'tax', $object->id, 'chargesociales', 'charges');
 
+$permissiontoadd = $user->rights->tax->charges->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 3 - 1
htdocs/compta/tva/document.php

@@ -79,6 +79,8 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'tax', '', 'tva', 'charges');
 
+$permissiontoadd = $user->rights->tax->charges->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions
@@ -86,7 +88,7 @@ $result = restrictedArea($user, 'tax', '', 'tva', 'charges');
 
 include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 
-if ($action == 'setlib' && $user->rights->tax->charges->creer) {
+if ($action == 'setlib' && $permissiontoadd) {
 	$object->fetch($id);
 	$result = $object->setValueFrom('label', GETPOST('lib', 'alpha'), '', '', 'text', '', $user, 'TAX_MODIFY');
 	if ($result < 0) {

+ 9 - 6
htdocs/contact/document.php

@@ -49,12 +49,6 @@ if (!empty($canvas)) {
 	$objcanvas->getCanvas('contact', 'contactcard', $canvas);
 }
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
@@ -91,6 +85,15 @@ $modulepart = 'contact';
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('contactdocument'));
 
+// Security check
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission
+
+$permissiontoadd = $user->rights->societe->contact->creer;	// Used by the include of actions_dellink.inc.php
+
+
 /*
  * Actions
  */

+ 2 - 0
htdocs/contrat/document.php

@@ -84,6 +84,8 @@ $modulepart = 'contract';
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('contractcard', 'globalcard'));
 
+$permissiontoadd = $user->rights->contrat->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 2 - 0
htdocs/don/document.php

@@ -80,6 +80,8 @@ $object->fetch($id, $ref);
 $upload_dir = $conf->don->dir_output.'/'.get_exdir($filename, 0, 0, 0, $object, 'donation').'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'don';
 
+$permissiontoadd = $user->rights->don->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 1 - 2
htdocs/expedition/card.php

@@ -122,7 +122,7 @@ if ($user->socid) {
 $result = restrictedArea($user, 'expedition', $object->id, '');
 
 $permissiondellink = $user->rights->expedition->delivery->creer; // Used by the include of actions_dellink.inc.php
-//var_dump($object->lines[0]->detail_batch);
+$permissiontoadd = $user->rights->expedition->creer;
 
 
 /*
@@ -152,7 +152,6 @@ if (empty($reshook)) {
 
 	// Actions to build doc
 	$upload_dir = $conf->expedition->dir_output.'/sending';
-	$permissiontoadd = $user->rights->expedition->creer;
 	include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
 
 	// Reopen
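Review bot: The new top-level `$permissiontoadd = $user->rights->expedition->creer;` lacks the trailing comment its neighbour `$permissiondellink` carries, and since the second hunk drops the local assignment that used to sit right before actions_builddoc.inc.php, the reader no longer sees what consumes the variable. Suggest `$permissiontoadd = $user->rights->expedition->creer; // Used by the include of actions_builddoc.inc.php`, extended with any other include in this file that reads it.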

+ 2 - 0
htdocs/expedition/document.php

@@ -76,6 +76,8 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'expedition', $object->id, '');
 
+$permissiontoadd = $user->rights->expedition->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 2 - 1
htdocs/expensereport/card.php

@@ -139,6 +139,8 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');
 
+$permissiontoadd = $user->rights->expensereport->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions
@@ -1339,7 +1341,6 @@ if (empty($reshook)) {
 
 	// Actions to build doc
 	$upload_dir = $conf->expensereport->dir_output;
-	$permissiontoadd = $user->rights->expensereport->creer;
 	include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
 }
 

+ 8 - 7
htdocs/expensereport/document.php

@@ -44,13 +44,6 @@ $confirm = GETPOST('confirm', 'alpha');
 
 $childids = $user->getAllChildIds(1);
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
-
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -81,6 +74,12 @@ $modulepart = 'trip';
 // Load object
 //include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 
+// Security check
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'expensereport', $id, 'expensereport');
+
 if ($object->id > 0) {
 	// Check current user can read this expense report
 	$canread = 0;
@@ -95,6 +94,8 @@ if ($object->id > 0) {
 	}
 }
 
+$permissiontoadd = $user->rights->expensereport->creer;	// Used by the include of actions_dellink.inc.php
+
 
 /*
  * Actions

+ 6 - 6
htdocs/fichinter/card.php

@@ -71,12 +71,6 @@ $hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') :
 $hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0));
 $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0));
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
-
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('interventioncard', 'globalcard'));
 
@@ -96,6 +90,12 @@ if ($id > 0 || !empty($ref)) {
 	}
 }
 
+// Security check
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
+
 $permissionnote = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php
 $permissiondellink = $user->rights->ficheinter->creer; // Used by the include of actions_dellink.inc.php
 

+ 2 - 0
htdocs/fichinter/document.php

@@ -78,6 +78,8 @@ $object->fetch($id, $ref);
 $upload_dir = $conf->ficheinter->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'fichinter';
 
+$permissiontoadd = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php
+
 
 /*
  * Actions
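Review bot: The comment on the added `$permissiontoadd` line names actions_setnotes.inc.php, but this is the document page and the variable is presumably consumed by the linked-files include, as every other document.php in this commit documents with actions_dellink.inc.php or actions_linkedfiles.inc.php; the same mismatched comment is copied into fourn/commande/document.php, fourn/facture/document.php, fourn/paiement/document.php and holiday/document.php. Suggest `$permissiontoadd = $user->rights->ficheinter->creer; // Used by the include of actions_linkedfiles.inc.php` and the matching wording in the four other files.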

+ 9 - 6
htdocs/fourn/commande/document.php

@@ -46,12 +46,6 @@ $ref = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 
-// Security check
-if ($user->socid) {
-	$socid = $user->socid;
-}
-$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
-
 // Get parameters
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
@@ -81,6 +75,15 @@ if ($object->fetch($id, $ref) < 0) {
 $upload_dir = $conf->fournisseur->commande->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $object->fetch_thirdparty();
 
+// Security check
+$socid = 0;
+if ($user->socid) {
+	$socid = $user->socid;
+}
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
+
+$permissiontoadd = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); // Used by the include of actions_setnotes.inc.php
+
 
 /*
  * Actions

+ 2 - 0
htdocs/fourn/facture/document.php

@@ -77,6 +77,8 @@ if ($object->fetch($id, $ref)) {
 	$upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref;
 }
 
+$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php
+
 
 /*
  * Actions

+ 3 - 0
htdocs/fourn/paiement/document.php

@@ -79,6 +79,9 @@ if ($object->fetch($id, $ref)) {
 	$upload_dir = $conf->fournisseur->payment->dir_output.'/'.dol_sanitizeFileName($object->ref);
 }
 
+$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php
+
+
 /*
  * Actions
  */

+ 1 - 0
htdocs/holiday/document.php

@@ -120,6 +120,7 @@ if ($user->socid) {
 }
 $result = restrictedArea($user, 'holiday', $object->id, 'holiday');
 
+$permissiontoadd = $user->rights->holiday->write; // Used by the include of actions_setnotes.inc.php
 
 
 /*

+ 1 - 1
htdocs/knowledgemanagement/knowledgerecord_document.php

@@ -80,7 +80,7 @@ if ($id > 0 || !empty($ref)) {
 //if ($user->socid > 0) $socid = $user->socid;
 //$result = restrictedArea($user, 'knowledgemanagement', $object->id);
 
-$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php
+$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
 
 
 

+ 2 - 0
htdocs/loan/document.php

@@ -71,6 +71,8 @@ if ($id > 0) {
 $upload_dir = $conf->loan->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'loan';
 
+$permissiontoadd = $user->rights->loan->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
+
 
 /*
  * Actions

+ 3 - 1
htdocs/mrp/mo_document.php

@@ -83,12 +83,14 @@ if ($id > 0 || !empty($ref)) {
 $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
 $result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft);
 
+$permissiontoadd = $user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
+
 
 /*
  * Actions
  */
 
-include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
+include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
 
 
 /*
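Review bot: The comment appended to `include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';` ("Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php") belongs on the `$permissiontoadd` assignment a few lines above, where it already appears; on the include line itself it describes nothing. Drop it and keep the bare include line as it was before the commit.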

+ 3 - 3
htdocs/product/card.php

@@ -179,6 +179,9 @@ if ($object->id > 0) {
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('productcard', 'globalcard'));
 
+$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire));
+$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
+$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer));
 
 
 /*
@@ -189,9 +192,6 @@ if ($cancel) {
 	$action = '';
 }
 
-$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire));
-$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
-$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer));
 $createbarcode = empty($conf->barcode->enabled) ? 0 : 1;
 if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->barcode->creer_advance)) {
 	$createbarcode = 0;

+ 2 - 2
htdocs/product/document.php

@@ -96,8 +96,6 @@ if ($id > 0 || !empty($ref)) {
 $modulepart = 'produit';
 
 
-$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
-
 if ($object->id > 0) {
 	if ($object->type == $object::TYPE_PRODUCT) {
 		restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
@@ -109,6 +107,8 @@ if ($object->id > 0) {
 	restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
 }
 
+$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
+
 
 /*
  * Actions

+ 4 - 4
htdocs/product/stock/card.php

@@ -87,6 +87,10 @@ if ($id > 0 || !empty($ref)) {
 	}
 }
 
+$usercanread = (($user->rights->stock->lire));
+$usercancreate = (($user->rights->stock->creer));
+$usercandelete = (($user->rights->stock->supprimer));
+
 
 /*
  * Actions
@@ -94,10 +98,6 @@ if ($id > 0 || !empty($ref)) {
 
 $error = 0;
 
-$usercanread = (($user->rights->stock->lire));
-$usercancreate = (($user->rights->stock->creer));
-$usercandelete = (($user->rights->stock->supprimer));
-
 $parameters = array('id'=>$id, 'ref'=>$ref);
 $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
 if ($reshook < 0) {

+ 1 - 2
htdocs/product/stock/productlot_document.php

@@ -100,6 +100,7 @@ if (empty($upload_dir)) {
 
 $permissiontoread = $usercanread;
 $permissiontoadd = $usercancreate;
+$permtoedit = $user->rights->produit->creer;
 //$permissiontodelete = $usercandelete;
 
 // Security check
@@ -130,8 +131,6 @@ if (empty($reshook)) {
 	include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 }
 
-$permtoedit = $user->rights->produit->creer;
-
 
 /*
  *	View

+ 1 - 0
htdocs/projet/document.php

@@ -82,6 +82,7 @@ $socid = 0;
 //if ($user->socid > 0) $socid = $user->socid;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id, 'projet&project');
 
+$permissiontoadd = $user->rights->projet->creer;
 
 
 /*

+ 1 - 0
htdocs/projet/tasks/document.php

@@ -74,6 +74,7 @@ $socid = 0;
 
 restrictedArea($user, 'projet', $object->fk_project, 'projet&project');
 
+$permissiontoadd = $$user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
 
 
 /*
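Review bot: `$permissiontoadd = $$user->rights->mrp->write;` has a doubled sigil, so PHP reads it as a variable-variable named by the string value of `$user`; with `$user` being an object that conversion fails instead of yielding the intended right, leaving `$permissiontoadd` unset or falsy for everyone. The right itself also looks copy-pasted from mrp/mo_document.php: this is the project task document page, and the sibling projet/document.php in this commit uses `$user->rights->projet->creer`. Suggest `$permissiontoadd = $user->rights->projet->creer; // Used by the include of actions_linkedfiles.inc.php`.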

+ 7 - 3
htdocs/resource/agenda.php

@@ -71,14 +71,18 @@ if (!$sortorder) {
 	$sortorder = 'DESC,DESC';
 }
 
-$object = new DolResource($db);
-$object->fetch($id, $ref);
-
 // Initialize technical objects
 //$object=new MyObject($db);
 $extrafields = new ExtraFields($db);
 $hookmanager->initHooks(array('agendaresource'));
 
+$object = new DolResource($db);
+
+// Load object
+include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
+
+$result = restrictedArea($user, 'resource', $object->id, 'resource');
+
 // Security check
 if (!$user->rights->resource->read) {
 	accessforbidden();
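Review bot: The explicit `if (!$user->rights->resource->read) { accessforbidden(); }` kept right after the new `$result = restrictedArea($user, 'resource', $object->id, 'resource');` looks redundant: resource/card.php in this same commit removes exactly that check when it adds the restrictedArea call, which suggests restrictedArea already enforces the read right on the 'resource' feature. resource/contact.php keeps the same duplicate, under a second `// Security check` heading. If restrictedArea does cover read access, drop the three-line block here and in contact.php; if it does not, card.php has lost a check and should get it back — worth confirming against restrictedArea().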

+ 8 - 4
htdocs/resource/card.php

@@ -48,10 +48,6 @@ if ($user->socid > 0) {
 	accessforbidden();
 }
 
-if (!$user->rights->resource->read) {
-	accessforbidden();
-}
-
 $object = new Dolresource($db);
 
 $extrafields = new ExtraFields($db);
@@ -59,6 +55,14 @@ $extrafields = new ExtraFields($db);
 // fetch optionals attributes and labels
 $extrafields->fetch_name_optionals_label($object->table_element);
 
+// Load object
+include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
+
+
+$result = restrictedArea($user, 'resource', $object->id, 'resource');
+
+$permissiontoadd = $user->rights->resource->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
+
 
 
 /*

+ 10 - 3
htdocs/resource/contact.php

@@ -38,14 +38,21 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 
+$object = new DolResource($db);
+
+// Load object
+include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
+
 // Security check
 if ($user->socid) {
 	$socid = $user->socid;
 }
-$result = restrictedArea($user, 'resource', $id, 'resource');
+$result = restrictedArea($user, 'resource', $object->id, 'resource');
 
-$object = new DolResource($db);
-$result = $object->fetch($id, $ref);
+// Security check
+if (!$user->rights->resource->read) {
+	accessforbidden();
+}
 
 
 /*

+ 7 - 1
htdocs/resource/document.php

@@ -70,11 +70,17 @@ if (!$sortfield) {
 
 
 $object = new DolResource($db);
-$object->fetch($id, $ref);
+
+// Load object
+include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
 
 $upload_dir = $conf->resource->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'resource';
 
+$result = restrictedArea($user, 'resource', $object->id, 'resource');
+
+$permissiontoadd = $user->rights->resource->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
+
 
 /*
  * Actions

+ 1 - 0
htdocs/resource/element_resource.php

@@ -76,6 +76,7 @@ if ($socid > 0) { // Special for thirdparty
 	$element = 'societe';
 }
 
+// Permission is not permission on resources. We just make link here on objects.
 
 
 /*

+ 6 - 5
htdocs/resource/list.php

@@ -66,10 +66,10 @@ $filter = array();
 
 $param = '';
 if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) {
-	$param .= '&amp;contextpage='.urlencode($contextpage);
+	$param .= '&contextpage='.urlencode($contextpage);
 }
 if ($limit > 0 && $limit != $conf->liste_limit) {
-	$param .= '&amp;limit='.urlencode($limit);
+	$param .= '&limit='.urlencode($limit);
 }
 
 if ($search_ref != '') {
@@ -126,9 +126,6 @@ $offset = $limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-if (!$user->rights->resource->read) {
-		accessforbidden();
-}
 $arrayfields = array(
 		't.ref' => array(
 				'label' => $langs->trans("Ref"),
@@ -156,6 +153,10 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
 	$filter = array();
 }
 
+if (empty($user->rights->resource->read)) {
+	accessforbidden();
+}
+
 
 /*
  * Action

+ 5 - 3
htdocs/resource/note.php

@@ -43,10 +43,12 @@ if ($user->socid) {
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('resourcenote'));
 
-$result = restrictedArea($user, 'resource', $id, 'resource');
-
 $object = new DolResource($db);
-$object->fetch($id, $ref);
+
+// Load object
+include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
+
+$result = restrictedArea($user, 'resource', $object->id, 'resource');
 
 $permissionnote = $user->rights->resource->write; // Used by the include of actions_setnotes.inc.php
 

+ 2 - 0
htdocs/salaries/document.php

@@ -104,6 +104,8 @@ if ($user->socid) {
 }
 restrictedArea($user, 'salaries', $object->id, 'salary', '');
 
+$permissiontoadd = $user->rights->salaries->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
+
 
 /*
  * Actions

+ 2 - 0
htdocs/societe/document.php

@@ -85,6 +85,8 @@ if ($user->socid > 0) {
 }
 $result = restrictedArea($user, 'societe', $object->id, '&societe');
 
+$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
+
 
 /*
  * Actions

+ 10 - 0
htdocs/supplier_proposal/document.php

@@ -73,6 +73,15 @@ $object->fetch($id, $ref);
 if ($object->id > 0) {
 	$object->fetch_thirdparty();
 	$upload_dir = $conf->supplier_proposal->dir_output.'/'.dol_sanitizeFileName($object->ref);
+}
+
+
+
+/*
+ * Actions
+ */
+
+if ($object->id > 0) {
 	include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 }
 
@@ -80,6 +89,7 @@ if ($object->id > 0) {
 /*
  * View
  */
+
 $title = $langs->trans('CommRequest')." - ".$langs->trans('Documents');
 $help_url = 'EN:Ask_Price_Supplier|FR:Demande_de_prix_fournisseur';
 llxHeader('', $title, $help_url);
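Review bot: Nothing in this hunk sets `$permissiontoadd` before `include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';`, whereas every other document page in this commit assigns it, with a comment that the include reads it, ahead of the same include. If the variable is not assigned earlier in this file, the include either sees it undefined or inherits whatever a previous include left behind. By analogy with the sibling pages the expected line would be `$permissiontoadd = $user->rights->supplier_proposal->creer; // Used by the include of actions_linkedfiles.inc.php` placed after the fetch and before the Actions block — confirm the right name against the module's permission definitions.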

+ 1 - 1
htdocs/ticket/document.php

@@ -70,7 +70,7 @@ if ($result < 0) {
 	$upload_dir = $conf->ticket->dir_output."/".dol_sanitizeFileName($object->ref);
 }
 
-$permissiontoadd = $user->rights->ticket->write;
+$permissiontoadd = $user->rights->ticket->write;	// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
 
 // Security check - Protection if external user
 $result = restrictedArea($user, 'ticket', $object->id);

+ 2 - 3
htdocs/user/document.php

@@ -60,7 +60,7 @@ if ($id) {
 	|| (($user->id != $id) && $user->rights->user->user->password));
 }
 
-$permissiontoadd = $caneditfield;
+$permissiontoadd = $caneditfield;	// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
 $permtoedit = $caneditfield;
 
 // Security check
@@ -107,6 +107,7 @@ if ($id > 0 || !empty($ref)) {
 $hookmanager->initHooks(array('usercard', 'userdoc', 'globalcard'));
 
 
+
 /*
  * Actions
  */
@@ -139,8 +140,6 @@ if ($object->id) {
 	}
 	$head = user_prepare_head($object);
 
-	$form = new Form($db);
-
 	print dol_get_fiche_head($head, 'document', $langs->trans("User"), -1, 'user');
 
 	$linkback = '';
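Review bot: The removed `$form = new Form($db);` inside the `if ($object->id)` view block is the only instantiation of `$form` visible in this section; if the view below still calls `$form->...` (the enclosing block continues outside the hunk), the variable must now be created earlier in the file or the page fails on an undefined variable. Please confirm `$form` is instantiated before this point, or keep the line.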

+ 1 - 0
htdocs/website/index.php

@@ -339,6 +339,7 @@ if ($action == 'replacesiteconfirm') {
 }
 
 $usercanedit = $user->rights->website->write;
+$permissiontoadd = $user->rights->website->write;	// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
 $permissiontodelete = $user->rights->website->delete;
 
 

+ 2 - 2
htdocs/workstation/workstation_document.php

@@ -74,12 +74,12 @@ if ($id > 0 || !empty($ref)) {
 	$upload_dir = $conf->workstation->multidir_output[$object->entity ? $object->entity : $conf->entity]."/workstation/".get_exdir(0, 0, 0, 1, $object);
 }
 
-$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php
-
 // Security check
 $isdraft = 0;
 restrictedArea($user, $object->element, $object->id, $object->table_element, 'workstation', 'fk_soc', 'rowid', $isdraft);
 
+$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
+
 
 /*
  * Actions