diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index a545387d598..ff3082d8b2b 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1335,6 +1335,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 {
 global $db, $conf;
+ //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select");
 if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";
 //print "user_id=".$user->id.", feature=".$feature.", feature2=".$feature2.", object_id=".$objectid;
@@ -1431,7 +1432,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql='';
 // If dbtable not defined, we use same name for table than module name
- if (!$dbtablename) $dbtablename = $feature;
+ if (empty($dbtablename)) $dbtablename = $feature;
 // Check permission for object with entity
 if ($feature == 'user' || $feature == 'usergroup' || $feature == 'produit')
@@ -1441,14 +1442,14 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
 $sql.= " AND dbt.entity IN (0,".$conf->entity.")";
 }
- else if ($feature == 'societe')
+ else if ($feature == 'societe')
 {
- // Check permission for external users
+ // If external user: Check permission for external users
 if ($user->societe_id > 0)
 {
 if ($user->societe_id <> $objectid) accessforbidden();
 }
- // Check permission for internal users that are restricted on their objects
+ // If internal user: Check permission for internal users that are restricted on their objects
 else if (! $user->rights->societe->client->voir)
 {
 $sql = "SELECT sc.fk_soc";
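Review bot: The quote-wrapping on the context line `if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";` adds quotes but no escaping, and the result is concatenated later in this function into `" WHERE dbt.".$dbt_select." = ".$objectid`, so the authorization query is built from an unescaped value; the fiche.php change in this same commit forwards `$id` together with `$fieldid` as the column, and its surrounding `isset($_GET["id"]) || isset($_GET["ref"])` suggests that value is request data. Escape through the database layer before quoting, `$objectid = "'".$db->escape($objectid)."'";`, and keep `$dbtablename`/`$dbt_select` as caller-side constants since they are interpolated as identifiers. The added `//dol_syslog(...)` line is commented-out code; either drop it or make it a real debug-level log call. restrictedArea's body continues outside the hunk.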
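Review bot: In the external-user branch, `if ($user->societe_id <> $objectid) accessforbidden();` compares against `$objectid` after the earlier quote-wrapping may have turned it into a quoted string (when `$dbt_select != 'rowid'`), so a legitimate match would compare an integer with `'123'` and be refused; if the `societe` feature is ever reached with a non-rowid selector, keep the raw id in a separate variable for this comparison or limit the quote-wrapping to the branches that build SQL. The rewritten comment `// If internal user: Check permission for internal users that are restricted on their objects` (also in the hunks at 1468 and 1476) says the same thing twice; `// Internal user restricted to own third parties` is enough. The `-else if`/`+else if` pair is a whitespace-only change that adds noise to the diff.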
@@ -1457,8 +1458,8 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql.= " AND sc.fk_soc = s.rowid";
 $sql.= " AND s.entity = ".$conf->entity;
 }
- // Check permission for entity
- else
+ // If multicompany and internal users with all permissions, check user is in correct entity
+ else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
 {
 $sql = "SELECT s.rowid";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
@@ -1468,7 +1469,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 }
 else
 {
- // Check permission for external users
+ // If external user: Check permission for external users
 if ($user->societe_id > 0)
 {
 $sql = "SELECT dbt.fk_soc";
@@ -1476,7 +1477,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql.= " WHERE dbt.rowid = ".$objectid;
 $sql.= " AND dbt.fk_soc = ".$user->societe_id;
 }
- // Check permission for internal users that are restricted on their objects
+ // If internal user: Check permission for internal users that are restricted on their objects
 else if (! $user->rights->societe->client->voir)
 {
 $sql = "SELECT sc.fk_soc";
@@ -1487,8 +1488,8 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql.= " AND s.entity = ".$conf->entity;
 $sql.= " AND IFNULL(sc.fk_user, ".$user->id.") = ".$user->id;
 }
- // Check permission for entity
- else
+ // If multicompany and internal users with all permissions, check user is in correct entity
+ else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
 {
 $sql = "SELECT dbt.".$dbt_select;
 $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt, ".MAIN_DB_PREFIX."societe as s";
@@ -1508,7 +1509,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 }
 else
 {
- dol_syslog("functions.lib::restrictedArea sql=".$sql, LOG_ERR);
+ dol_syslog("functions.lib:restrictedArea sql=".$sql, LOG_ERR);
 accessforbidden();
 }
 }
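Review bot: The new condition `else if ($conf->global->MAIN_MODULE_MULTICOMPANY)` reads a property that is presumably only present when that constant is stored in the configuration, so on an installation without the module it raises an undefined-property notice on every call; guard it as `else if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY))`. The identical line in the hunk at 1487 has the same problem. Turning the unconditional `else` into a conditional also means that a full-rights internal user on a single-company install now leaves `$sql` empty and skips the lookup, so restrictedArea no longer verifies in that configuration that the object exists in the expected entity; if that is intended, say so next to the branch, e.g. `// Single-company install: no entity check here, object existence is left to the caller's fetch()`. restrictedArea's body continues outside the hunk.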
diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php
index a343cb9d75a..5d06ce93f1b 100644
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@@ -48,7 +48,7 @@ if (isset($_GET["id"]) || isset($_GET["ref"]))
 }
 if ($user->societe_id) $socid=$user->societe_id;
-$result=restrictedArea($user,'produit',$id,'product','','',$fieldid);
+$result=restrictedArea($user,'produit',$id,'product','','',$fieldid?$fieldid:'rowid');
 $mesg = '';
@@ -65,7 +65,7 @@ if ($_GET["action"] == 'fastappro')
 }
-// Action ajout d'un produit ou service
+// Add a product or service
 if ($_POST["action"] == 'add' && $user->rights->produit->creer)
 {
 $error=0;
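Review bot: `$fieldid?$fieldid:'rowid'` supplies the fallback, but `$fieldid` is not assigned anywhere in the hunk, so if the `id` path leaves it unset this still raises an undefined-variable notice before the fallback applies; `empty($fieldid) ? 'rowid' : $fieldid` avoids that. When `$fieldid` names a column other than `rowid`, the `$id` passed here is presumably the request's `ref` (the context `isset($_GET["id"]) || isset($_GET["ref"])` suggests so), and restrictedArea only quotes that value, without escaping, before interpolating it into its permission query; the escaping belongs in restrictedArea, but since this call site is where request data enters it, a comment such as `// $id may be a ref string here: restrictedArea must escape it before use in SQL` would help the next reader.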
@@ -151,68 +151,73 @@ if ($_POST["action"] == 'add' && $user->rights->produit->creer)
 }
 }
 }
-
-// Action mise a jour d'un produit ou service
-if ($_POST["action"] == 'update' &&
-$_POST["cancel"] <> $langs->trans("Cancel") &&
-$user->rights->produit->creer)
+// Update a product or service
+if ($_POST["action"] == 'update' && $user->rights->produit->creer)
 {
- $product = new Product($db);
- if ($product->fetch($_POST["id"]))
+ if (! empty($_POST["cancel"]))
 {
- $product->ref = $_POST["ref"];
- $product->libelle = $_POST["libelle"];
- $product->description = dol_htmlcleanlastbr($_POST["desc"]);
- $product->note = dol_htmlcleanlastbr($_POST["note"]);
- $product->status = $_POST["statut"];
- $product->seuil_stock_alerte = $_POST["seuil_stock_alerte"];
- $product->stock_loc = $_POST["stock_loc"];
- $product->duration_value = $_POST["duration_value"];
- $product->duration_unit = $_POST["duration_unit"];
- $product->canvas = $_POST["canvas"];
- $product->weight = $_POST["weight"];
- $product->weight_units = $_POST["weight_units"];
- $product->volume = $_POST["volume"];
- $product->volume_units = $_POST["volume_units"];
- $product->finished = $_POST["finished"];
-
- if ($product->check())
+ $_GET["action"] = '';
+ $_GET["id"] = $_POST["id"];
+ }
+ else
+ {
+ $product = new Product($db);
+ if ($product->fetch($_POST["id"]))
 {
- if ($product->update($product->id, $user) > 0)
+ $product->ref = $_POST["ref"];
+ $product->libelle = $_POST["libelle"];
+ $product->description = dol_htmlcleanlastbr($_POST["desc"]);
+ $product->note = dol_htmlcleanlastbr($_POST["note"]);
+ $product->status = $_POST["statut"];
+ $product->seuil_stock_alerte = $_POST["seuil_stock_alerte"];
+ $product->stock_loc = $_POST["stock_loc"];
+ $product->duration_value = $_POST["duration_value"];
+ $product->duration_unit = $_POST["duration_unit"];
+ $product->canvas = $_POST["canvas"];
+ $product->weight = $_POST["weight"];
+ $product->weight_units = $_POST["weight_units"];
+ $product->volume = $_POST["volume"];
+ $product->volume_units = $_POST["volume_units"];
+ $product->finished = $_POST["finished"];
+
+ if ($product->check())
 {
- $_GET["action"] = '';
- $_GET["id"] = $_POST["id"];
+ if ($product->update($product->id, $user) > 0)
+ {
+ $_GET["action"] = '';
+ $_GET["id"] = $_POST["id"];
+ }
+ else
+ {
+ $_GET["action"] = 'edit';
+ $_GET["id"] = $_POST["id"];
+ $mesg = $product->error;
+ }
 }
 else
 {
 $_GET["action"] = 'edit';
 $_GET["id"] = $_POST["id"];
- $mesg = $product->error;
+ $mesg = $langs->trans("ErrorProductBadRefOrLabel");
 }
- }
- else
- {
- $_GET["action"] = 'edit';
- $_GET["id"] = $_POST["id"];
- $mesg = $langs->trans("ErrorProductBadRefOrLabel");
- }
- // Produit spécifique
- if ($product->canvas <> '' && file_exists('canvas/product.'.$product->canvas.'.class.php') )
- {
- $class = 'Product'.ucfirst($product->canvas);
- include_once('canvas/product.'.$product->canvas.'.class.php');
-
- $product = new $class($db);
- if ($product->FetchCanvas($_POST["id"]))
+ // Produit spécifique
+ if ($product->canvas <> '' && file_exists('canvas/product.'.$product->canvas.'.class.php') )
 {
- $product->UpdateCanvas($_POST);
+ $class = 'Product'.ucfirst($product->canvas);
+ include_once('canvas/product.'.$product->canvas.'.class.php');
+
+ $product = new $class($db);
+ if ($product->FetchCanvas($_POST["id"]))
+ {
+ $product->UpdateCanvas($_POST);
+ }
 }
 }
 }
 }
-// clone d'un produit
+// Clone a product
 if ($_GET["action"] == 'clone' && $user->rights->produit->creer)
 {
 $db->begin();
@@ -1335,7 +1340,7 @@ if ($_GET["id"] && $_GET["action"] == '' && $product->status)
 // Liste de "Mes commandes"
 print '
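Review bot: In the update branch, `$product->canvas = $_POST["canvas"]` is afterwards used, with only a `file_exists()` check in between, to build both the path in `include_once('canvas/product.'.$product->canvas.'.class.php')` and the class name in `new $class($db)`, so a request value selects which file is loaded; restrict it to a plain identifier before the assignment, e.g. `if (! preg_match('/^[a-z0-9_]+$/i', $_POST["canvas"])) $_POST["canvas"] = '';` (constructed pattern, adjust to the canvas names in use). Separately, the page's access check near the top runs on `$id` (taken from `$_GET` as far as the context at line 48 shows) while this branch fetches and updates `$_POST["id"]`; unless `$id` is also derived from `$_POST`, the object that was authorized and the one being updated can differ, so either run restrictedArea on `$_POST["id"]` as well or refuse the update when the two disagree. The moved lines keep using `$_GET["action"] = ...` as a state carrier, which is unchanged behaviour but deserves a comment such as `// Rewrite $_GET so the page falls through to the view/edit rendering below`. This is top-level script code, not inside a function.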