diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 0d283ea623d..55a516377b2 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -336,7 +336,7 @@ function dolGetLdapPasswordHash($password, $type = 'md5') * @param string $features Features to check (it must be module name or $object->element. Can be a 'or' check with 'levela|levelb'. * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) * This is used to check permission $user->rights->features->... - * @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). + * @param int|string|Object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional). * @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'. * This is used to check permission $user->rights->features->feature2... @@ -401,11 +401,11 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', if ($features == 'productbatch') { $features = 'produit'; } - if ($features == 'fournisseur') { // When vendor invoice and pruchase order are into module 'fournisseur' + if ($features == 'fournisseur') { // When vendor invoice and purchase order are into module 'fournisseur' $features = 'fournisseur'; - if ($object->element == 'invoice_supplier') { + if (is_object($object) && $object->element == 'invoice_supplier') { $feature2 = 'facture'; - } elseif ($object->element == 'order_supplier') { + } elseif (is_object($object) && $object->element == 'order_supplier') { $feature2 = 'commande'; } }