diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php
index 6a86f1c2258..dc3421dea0c 100644
--- a/htdocs/bom/bom_agenda.php
+++ b/htdocs/bom/bom_agenda.php
@@ -86,7 +86,7 @@ if ($id > 0 || !empty($ref)) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
-restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*
diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php
index fa2ef014d17..eaea02cda3a 100644
--- a/htdocs/bom/bom_card.php
+++ b/htdocs/bom/bom_card.php
@@ -76,7 +76,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
-$result = restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+$result = restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
$permissionnote = $user->rights->bom->write; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->bom->write; // Used by the include of actions_dellink.inc.php
diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php
index 520dd8bb9d7..bac28f2ea9a 100644
--- a/htdocs/bom/bom_document.php
+++ b/htdocs/bom/bom_document.php
@@ -83,7 +83,7 @@ if ($id > 0 || !empty($ref)) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
-restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*
diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php
index 244bcfd7a49..99f6a708c05 100644
--- a/htdocs/bom/bom_note.php
+++ b/htdocs/bom/bom_note.php
@@ -63,7 +63,7 @@ $permissionnote = $user->rights->bom->write; // Used by the include of actions_s
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
-restrictedArea($user, 'bom', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft);
/*
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 0b22748a528..0e95e9ef150 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -552,8 +552,8 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
global $db, $conf;
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
- //print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid;
- //print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."
";
+ print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid;
+ print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."
";
// More parameters
$params = explode('&', $tableandshare);
@@ -747,6 +747,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
}
+ print $sql;
if ($sql) {
$resql = $db->query($sql);
@@ -756,6 +757,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
return false;
}
} else {
+ dol_syslog("Bad forged sql in checkUserAccessToObject", LOG_WARNING);
return false;
}
}