New: Super clean of permissions checks

2025-12-08 18:48:22 +01:00 · 2008-02-25 16:30:43 +00:00
parent 00dbfcb56b
commit b12d53e13f
60 changed files with 504 additions and 952 deletions
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -38,12 +38,9 @@ $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
 $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
 $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if ($user->societe_id > 0) 
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-{
+$result = restrictedArea($user, 'societe',$socid,'',1);
  $action = '';
  $socid = $user->societe_id;
 }
 if ($page == -1) { $page = 0 ; }
 $limit = $conf->liste_limit;
--- a/htdocs/comm/clients.php
+++ b/htdocs/comm/clients.php
@@ -27,7 +27,8 @@
 require("./pre.inc.php");
 // Security check
-$result = restrictedArea($user, 'societe','','',1);
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $result = restrictedArea($user, 'societe',$socid,'',1);
 $page=$_GET["page"];
 $sortorder=$_GET["sortorder"];
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -38,11 +38,11 @@ if ($page < 0) { $page = 0 ; }
 $limit = $conf->liste_limit;
 $offset = $limit * $page ;
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $type=$_GET["type"];
 // Security check
-$result = restrictedArea($user, 'societe');
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $result = restrictedArea($user, 'societe',$socid,'',1);
 /*
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@@ -41,10 +41,9 @@ $langs->load("bills");
 $langs->load("contracts");
 if ($conf->fichinter->enabled) $langs->load("interventions");
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 // Security check
-$result = restrictedArea($user, 'societe', $socid);
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $result = restrictedArea($user, 'societe',$socid,'',1);
 $sortorder=$_GET["sortorder"];
 $sortfield=$_GET["sortfield"];
--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@@ -35,28 +35,9 @@ $langs->load('companies');
 $langs->load('projects');
 $langs->load('propal');
-$socid = isset($_GET["id"])?$_GET["id"]:$_GET["socid"];		// Fonctionne si on passe id ou socid
+// Security check
-if ($socid == '') accessforbidden();
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-
+$result = restrictedArea($user, 'societe',$socid,'',1);
 // Protection quand utilisateur externe
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
        $sql = "SELECT sc.rowid";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.client = 2";
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 /*
--- a/htdocs/comm/prospect/prospects.php
+++ b/htdocs/comm/prospect/prospects.php
@@ -32,13 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/prospect.class.php");
 $langs->load("propal");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-$socid=0;
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($user->societe_id > 0) 
+$result = restrictedArea($user, 'societe',$socid,'',1);
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"];
 $stcomm=isset($_GET["stcomm"])?$_GET["stcomm"]:$_POST["stcomm"];
--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville  <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur   <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur   <eldy@users.sourceforge.net>
 * Copyright (C)      2005 Marc Barilley / Ocebo <marc@ocebo.com>
 * Copyright (C) 2005-2007 Regis Houssin         <regis@dolibarr.fr>
 *
@@ -17,15 +17,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
        \file       htdocs/commande/liste.php
        \ingroup    commande
        \brief      Page liste des commandes
-        \version    $Revision$
+        \version    $Id$
 */
@@ -35,9 +33,6 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php");
 $langs->load('orders');
 $langs->load('companies');
 if (!$user->rights->commande->lire)
 	accessforbidden();
 $year=isset($_GET["year"])?$_GET["year"]:$_POST["year"];
 $month=isset($_GET["month"])?$_GET["month"]:$_POST["month"];
 $sref=isset($_GET['sref'])?$_GET['sref']:$_POST['sref'];
@@ -45,13 +40,9 @@ $sref_client=isset($_GET['sref_client'])?$_GET['sref_client']:(isset($_POST['sre
 $snom=isset($_GET['snom'])?$_GET['snom']:$_POST['snom'];
 $sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall'];
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-$socid = $_GET['socid'];
+$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
-if ($user->societe_id > 0)
+$result = restrictedArea($user, 'commande', $orderid,'',1);
 {
 	$action = '';
 	$socid = $user->societe_id;
 }
 /*
--- a/htdocs/compta/commande/liste.php
+++ b/htdocs/compta/commande/liste.php
@@ -42,13 +42,10 @@ if (! $sortorder) $sortorder="DESC";
 $limit = $conf->liste_limit;
 $offset = $limit * $_GET["page"] ;
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-$socid = $_GET["socid"];
+$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
-if ($user->societe_id > 0)
+$result = restrictedArea($user, 'commande',$orderid,'',1);
-{
+
    $action = '';
    $socid = $user->societe_id;
 }
 $langs->load('companies');
--- a/htdocs/compta/deplacement/fiche.php
+++ b/htdocs/compta/deplacement/fiche.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,21 +15,21 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
 	    \file       htdocs/compta/deplacement/fiche.php
 		\brief      Page fiche d'un d<>placement
 		\version	$Id$
 */
 require("./pre.inc.php");
 $langs->load("trips");
 // Security check
 $id=isset($_GET["id"])?$_GET["id"]:$_POST["id"];
 $result = restrictedArea($user, 'deplacement', $id,'',1);
 $mesg = '';
@@ -38,7 +38,7 @@ $mesg = '';
 /*
 * Actions
 */
-if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
+if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->deplacement->supprimer)
 {
 	$deplacement = new Deplacement($db);
 	$deplacement->delete($_GET["id"]);
@@ -46,53 +46,69 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
 	exit;
 }
-if ($_POST["action"] == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))
+if ($_POST["action"] == 'add' && $user->rights->deplacement->creer)
 {
-	$deplacement = new Deplacement($db);
+	if (! $_POST["cancel"])
 	$deplacement->date = mktime(12, 1 , 1,
 					$_POST["remonth"],
 					$_POST["reday"],
 					$_POST["reyear"]);
 	$deplacement->km = $_POST["km"];
 	$deplacement->socid = $_POST["socid"];
 	$deplacement->userid = $user->id; //$_POST["km"];
 	$id = $deplacement->create($user);
 	if ($id > 0)
 	{
-		Header ( "Location: fiche.php?id=".$id);
+	 	$deplacement = new Deplacement($db);
-		exit;
+
 		$deplacement->date = dolibarr_mktime(12, 0, 0,
 						$_POST["remonth"],
 						$_POST["reday"],
 						$_POST["reyear"]);
 		$deplacement->km = $_POST["km"];
 		$deplacement->socid = $_POST["socid"];
 		$deplacement->userid = $user->id; //$_POST["km"];
 		$id = $deplacement->create($user);
 		if ($id > 0)
 		{
 			Header ( "Location: fiche.php?id=".$id);
 			exit;
 		}
 		else
 		{
 			dolibarr_print_error($db,$deplacement->error);
 		}
 	}
 	else
 	{
-		dolibarr_print_error($db,$deplacement->error);
+		Header ( "Location: index.php");
 		exit;
 	}
 }
-if ($_POST["action"] == 'update' && $_POST["cancel"] <> $langs->trans("Cancel"))
+if ($_POST["action"] == 'update' && $user->rights->deplacement->creer)
 {
-	$deplacement = new Deplacement($db);
+	if (!  $_POST["cancel"])
 	$result = $deplacement->fetch($_POST["id"]);
 	$deplacement->date = mktime(12, 1 , 1,
 				$_POST["remonth"],
 				$_POST["reday"],
 				$_POST["reyear"]);
 	$deplacement->km     = $_POST["km"];
 	$result = $deplacement->update($user);
 	if ($result > 0)
 	{
-		Header ( "Location: fiche.php?id=".$_POST["id"]);
+		$deplacement = new Deplacement($db);
-		exit;
+		$result = $deplacement->fetch($_POST["id"]);
 		$deplacement->date = dolibarr_mktime(12, 0 , 0,
 					$_POST["remonth"],
 					$_POST["reday"],
 					$_POST["reyear"]);
 		$deplacement->km     = $_POST["km"];
 		$result = $deplacement->update($user);
 		if ($result > 0)
 		{
 			Header ( "Location: fiche.php?id=".$_POST["id"]);
 			exit;
 		}
 		else
 		{
 			print $mesg=$langs->trans("ErrorUnknown");
 		}
 	}
 	else
 	{
-		print $mesg=$langs->trans("ErrorUnknown");
+		Header ( "Location: index.php");
 		exit;
 	}
 }
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@@ -17,14 +17,12 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
 	    \file       htdocs/compta/deplacement/index.php
 		\brief      Page liste des d<>placements
 		\version	$Id$
 */
 require("./pre.inc.php");
@@ -34,6 +32,9 @@ $langs->load("companies");
 $langs->load("users");
 $langs->load("trips");
 // Security check
 $result = restrictedArea($user, 'deplacement','','',1);
 llxHeader();
--- a/htdocs/compta/facture/impayees.php
+++ b/htdocs/compta/facture/impayees.php
@@ -32,21 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php");
 require_once(DOL_DOCUMENT_ROOT."/facture.class.php");
 require_once(DOL_DOCUMENT_ROOT."/paiement.class.php");
 if (!$user->rights->facture->lire)
 accessforbidden();
 $langs->load("bills");
-
+// Security check
-
+$facid = isset($_GET["facid"])?$_GET["facid"]:'';
-if ($_GET["socid"]) { $socid=$_GET["socid"]; }
+$result = restrictedArea($user, 'facture',$facid,'',1);
 // S<>curit<69> acc<63>s client
 if ($user->societe_id > 0)
 {
 	$action = '';
 	$socid = $user->societe_id;
 }
 llxHeader('',$langs->trans("BillsCustomersUnpayed"));
--- a/htdocs/compta/fiche.php
+++ b/htdocs/compta/fiche.php
@@ -33,30 +33,9 @@ $langs->load("companies");
 if ($conf->facture->enabled) $langs->load("bills");
 if ($conf->projet->enabled)  $langs->load("projects");
 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($socid == '') accessforbidden();
+$result = restrictedArea($user, 'societe',$socid,'',1);
 // Protection quand utilisateur externe
 if ($user->societe_id > 0)
 {
    $action = '';
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
 	//print "eeeee".$socid."rr".$user->societe_id."oo".$user->rights->commercial->client->voir;
 	$sql = "SELECT sc.fk_soc, s.client";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
 	$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
 	if ( $db->query($sql) )
 	{
 		if ( $db->num_rows() == 0) accessforbidden();
 	}
 }
 /*
--- a/htdocs/compta/paiement/cheque/fiche.php
+++ b/htdocs/compta/paiement/cheque/fiche.php
@@ -15,15 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
   \file       htdocs/compta/paiement/cheque/fiche.php
   \ingroup    facture
   \brief      Onglet paiement cheque
-   \version    $Revision$
+   \version    $Id$
 */
 require('./pre.inc.php');
@@ -36,6 +34,9 @@ $langs->load('bills');
 $langs->load('banks');
 $langs->load('companies');
 // Security check
 $result = restrictedArea($user, 'banque', '','',0);
 $mesg='';
 $sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
--- a/htdocs/compta/paiement/cheque/index.php
+++ b/htdocs/compta/paiement/cheque/index.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2006      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2007-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,15 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
 		\file       htdocs/compta/paiement/cheque/index.php
 		\ingroup    compta
 		\brief      Page liste des bordereau de remise de cheque
-		\version    $Revision$
+		\version    $Id$
 */
 require("./pre.inc.php");
@@ -32,16 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
 $langs->load("banks");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if (! $user->rights->banque)
+$result = restrictedArea($user, 'banque', '','',1);
  accessforbidden();
 $socid=0;
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $checkdepositstatic=new RemiseCheque($db);
 $accountstatic=new Account($db);
--- a/htdocs/compta/paiement/cheque/liste.php
+++ b/htdocs/compta/paiement/cheque/liste.php
@@ -30,16 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
 $langs->load("bills");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if (! $user->rights->facture->lire && ! $user->rights->adherent->cotisation->lire)
+$result = restrictedArea($user, 'banque', '','',1);
  accessforbidden();
 $socid=0;
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $page=$_GET["page"];
 $sortorder=$_GET["sortorder"];
--- a/htdocs/compta/paiement/liste.php
+++ b/htdocs/compta/paiement/liste.php
@@ -33,16 +33,10 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
 $langs->load("bills");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if (! $user->rights->facture->lire)
+$facid = isset($_GET["facid"])?$_GET["facid"]:'';
-  accessforbidden();
+$result = restrictedArea($user, 'facture',$facid,'',1);
 $socid=0;
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $paymentstatic=new Paiement($db);
 $accountstatic=new Account($db);
@@ -50,8 +44,9 @@ $companystatic=new Societe($db);
 /*
- * Affichage
+* 	View
- */
+*/
 llxHeader('',$langs->trans("ListPayment"));
 $page=$_GET["page"];
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -30,15 +30,12 @@
 require("./pre.inc.php");
 require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
 if (!$user->rights->prelevement->bons->lire)
  accessforbidden();
 $langs->load("widthdrawals");
-if ($user->societe_id > 0)
+// Security check
-{
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-  $socid = $user->societe_id;
+$result = restrictedArea($user, 'prelevement','','',1);
-}
+
 llxHeader();
--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@@ -32,16 +32,11 @@ require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
 $langs->load("withdrawals");
 // Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $result = restrictedArea($user, 'prelevement','','',1);
 if (!$user->rights->prelevement->bons->lire)
  accessforbidden();
 // S<>curit<69> acc<63>s client
 if ($user->societe_id > 0)
 {
    $action = '';
    $socid = $user->societe_id;
 }
 /*
--- a/htdocs/contact/exportimport.php
+++ b/htdocs/contact/exportimport.php
@@ -32,43 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
 $langs->load("companies");
-// Protection quand utilisateur externe
+// Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
-
+$result = restrictedArea($user, 'contact',$contactid,'',1);
 $socid=0;
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contactid && ! $user->rights->commercial->client->voir)
 {
    $sql = "SELECT sc.fk_soc, sp.fk_soc";
    $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
    $sql .= " WHERE sp.rowid = ".$contactid;
    if (! $user->rights->commercial->client->voir && ! $socid)
    {
    	$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
    }
    if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
    $resql=$db->query($sql);
    if ($resql)
    {
    	if ($db->num_rows() == 0) accessforbidden();
    }
    else
    {
    	dolibarr_print_error($db);
    }
 }
 /*
- *
+*	View
- *
+*/
 */
 llxHeader();
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -35,36 +35,17 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
 $langs->load("companies");
 $langs->load("users");
 $error = array();
 $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
-// Protection quand utilisateur externe
+// Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
 $result = restrictedArea($user, 'contact', $contactid,'',0);
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contactid && !$user->rights->commercial->client->voir)
 {
 	$sql = "SELECT sc.fk_soc, sp.fk_soc";
 	$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
 	$sql .= " WHERE sp.rowid = ".$contactid;
 	if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
 	{
 		$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
 	}
 	if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid;
 	if ( $db->query($sql) )
 	{
 		if ( $db->num_rows() == 0) accessforbidden();
 	}
 }
 /*
 *	Actions
 */
 // Creation utilisateur depuis contact
 if ($user->rights->user->user->creer)
--- a/htdocs/contact/index.php
+++ b/htdocs/contact/index.php
@@ -16,15 +16,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
 	    \file       htdocs/contact/index.php
        \ingroup    societe
 		\brief      Page liste des contacts
-		\version    $Revision$
+		\version    $Id$
 */
 require("./pre.inc.php");
@@ -33,17 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
 $langs->load("companies");
 $langs->load("suppliers");
-
+// Security check
-// S<>curit<69> acc<63>s client
+$contactid = isset($_GET["id"])?$_GET["id"]:'';
-$socid='';
+$result = restrictedArea($user, 'contact', $contactid,'',1);
 if ($_GET["socid"]) { $socid=$_GET["socid"]; }
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
 $search_prenom=isset($_GET["search_prenom"])?$_GET["search_prenom"]:$_POST["search_prenom"];
@@ -107,21 +97,18 @@ llxHeader();
 $sql = "SELECT s.rowid as socid, s.nom, ";
 $sql.= " p.rowid as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax,";
 $sql.= " ".$db->pdate("p.tms")." as tms";
-if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
 $sql.= " FROM ";
 if (!$user->rights->commercial->client->voir && !$socid) $sql .= MAIN_DB_PREFIX."societe_commerciaux as sc,";
 $sql.= " ".MAIN_DB_PREFIX."socpeople as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
 if (!$user->rights->commercial->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
 $sql.= " WHERE 1=1 ";
-
+if (!$user->rights->commercial->client->voir && !$socid) //restriction
 {
 	$sql .= " AND IFNULL(sc.fk_user, ".$user->id.") = " .$user->id;
 }
 if ($_GET["userid"])    // statut commercial
 {
    $sql .= " AND p.fk_user_creat=".$_GET["userid"];
 }
 if (!$user->rights->commercial->client->voir && !$socid) //restriction
 {
 	$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 }
 if ($search_nom)        // filtre sur le nom
 {
    $sql .= " AND p.name like '%".addslashes($search_nom)."%'";
--- a/htdocs/contact/info.php
+++ b/htdocs/contact/info.php
@@ -32,42 +32,15 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
 $langs->load("companies");
-// Protection quand utilisateur externe
+// Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
 $result = restrictedArea($user, 'contact',$contactid,'',1);
 $socid=0;
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contactid && ! $user->rights->commercial->client->voir)
 {
    $sql = "SELECT sc.fk_soc, sp.fk_soc";
    $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
    $sql .= " WHERE sp.rowid = ".$contactid;
    if (! $user->rights->commercial->client->voir && ! $socid)
    {
    	$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
    }
    if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
    $resql=$db->query($sql);
    if ($resql)
    {
    	if ($db->num_rows() == 0) accessforbidden();
    }
    else
    {
    	dolibarr_print_error($db);
    }
 }
 /*
- * Fiche info
+* 	View
- */
+*/
 llxHeader();
--- a/htdocs/contact/ldap.php
+++ b/htdocs/contact/ldap.php
@@ -15,15 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
        \file       htdocs/contact/ldap.php
        \ingroup    ldap
        \brief      Page fiche LDAP contact
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
@@ -35,43 +33,14 @@ $langs->load("companies");
 $langs->load("ldap");
 $langs->load("admin");
-// Protection quand utilisateur externe
+// Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
-
+$result = restrictedArea($user, 'contact',$contactid,'',1);
 $socid=0;
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contactid && ! $user->rights->commercial->client->voir)
 {
    $sql = "SELECT sc.fk_soc, sp.fk_soc";
    $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
    $sql .= " WHERE sp.rowid = ".$contactid;
    if (! $user->rights->commercial->client->voir && ! $socid)
    {
    	$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
    }
    if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
    $resql=$db->query($sql);
    if ($resql)
    {
    	if ($db->num_rows() == 0) accessforbidden();
    }
    else
    {
    	dolibarr_print_error($db);
    }
 }
 /*
- *
+*	View
- *
+*/
 */
 llxHeader();
--- a/htdocs/contact/perso.php
+++ b/htdocs/contact/perso.php
@@ -15,15 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
        \file       htdocs/contact/perso.php
        \ingroup    societe
        \brief      Onglet informations personnelles d'un contact
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
@@ -32,59 +30,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
 $langs->load("companies");
-// Protection quand utilisateur externe
+// Security check
 $contactid = isset($_GET["id"])?$_GET["id"]:'';
-
+$result = restrictedArea($user, 'contact',$contactid,'',1);
 $socid=0;
 if ($user->societe_id > 0)
 {
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contactid && ! $user->rights->commercial->client->voir)
 {
    $sql = "SELECT sc.fk_soc, sp.fk_soc";
    $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
    $sql .= " WHERE sp.rowid = ".$contactid;
    if (! $user->rights->commercial->client->voir && ! $socid)
    {
    	$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
    }
    if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
    $resql=$db->query($sql);
    if ($resql)
    {
    	if ($db->num_rows() == 0) accessforbidden();
    }
    else
    {
    	dolibarr_print_error($db);
    }
 }
 if ($_POST["action"] == 'update')
 {
    $contact = new Contact($db);
    $contact->id = $_POST["contactid"];
    if ($_POST["birthdayyear"] && $_POST["birthdaymonth"] && $_POST["birthdayday"])
    {
 		$contact->birthday = dolibarr_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]);
    }
    $contact->birthday_alert = $_POST["birthday_alert"];
    $result = $contact->update_perso($_POST["contactid"], $user);
 }
 /*
- *
+*	View
- *
+*/
 */
 llxHeader();
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@@ -38,14 +38,9 @@ $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
 $statut=isset($_GET["statut"])?$_GET["statut"]:1;
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-$socid='';
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
-if ($_GET["socid"]) { $socid=$_GET["socid"]; }
+$result = restrictedArea($user, 'contrat',$contratid,'',1);
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $staticcontrat=new Contrat($db);
 $staticcontratligne=new ContratLigne($db);
--- a/htdocs/contrat/info.php
+++ b/htdocs/contrat/info.php
@@ -31,42 +31,16 @@ require_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php");
 $langs->load("contracts");
-if (!$user->rights->contrat->lire)
+// Security check
  accessforbidden();
 // S<>curit<69> acc<63>s client et commerciaux
 $contratid = isset($_GET["id"])?$_GET["id"]:'';
-
+$result = restrictedArea($user, 'contrat',$contratid,'',1);
 if ($user->societe_id > 0) 
 {
  $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0))
 {
        $sql = "SELECT sc.fk_soc, c.fk_soc";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
        $sql .= " WHERE c.rowid = ".$contratid;
        if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
        {
        	$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
        }
        if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid;
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 llxHeader();
 /*
- * Visualisation de la fiche
+* View
- *
+*/
- */
+
 llxHeader();
 $contrat = new Contrat($db);
 $contrat->fetch($_GET["id"]);
--- a/htdocs/contrat/liste.php
+++ b/htdocs/contrat/liste.php
@@ -15,16 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
        \file       htdocs/contrat/liste.php
        \ingroup    contrat
        \brief      Page liste des contrats
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
@@ -50,12 +47,9 @@ $socid=$_GET["socid"];
 if (! $sortfield) $sortfield="c.rowid";
 if (! $sortorder) $sortorder="DESC";
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if ($user->societe_id > 0)
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
-{
+$result = restrictedArea($user, 'contrat',$contratid,'',1);
    $action = '';
    $socid = $user->societe_id;
 }
 $staticcontrat=new Contrat($db);
 $staticcontratligne=new ContratLigne($db);
--- a/htdocs/contrat/note.php
+++ b/htdocs/contrat/note.php
@@ -36,32 +36,10 @@ if (!$user->rights->contrat->lire)
 $langs->load("companies");
 $langs->load("contracts");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client et commerciaux
+// Security check
-$contratid = isset($_GET["id"])?$_GET["id"]:'';
+$contactid = isset($_GET["id"])?$_GET["id"]:'';
 $result = restrictedArea($user, 'contact',$contactid,'',1);
 if ($user->societe_id > 0) 
 {
  unset($_GET["action"]);
  $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0))
 {
        $sql = "SELECT sc.fk_soc, c.fk_soc";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
        $sql .= " WHERE c.rowid = ".$contratid;
        if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
        {
        	$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
        }
        if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid;
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 $contrat = new Contrat($db);
 $contrat->fetch($_GET["id"]);
--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@@ -51,12 +51,10 @@ $search_service=isset($_GET["search_service"])?$_GET["search_service"]:$_POST["s
 $statut=isset($_GET["statut"])?$_GET["statut"]:1;
 $socid=$_GET["socid"];
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if ($user->societe_id > 0) 
+$contratid = isset($_GET["id"])?$_GET["id"]:'';
-{
+$result = restrictedArea($user, 'contrat',$contratid,'',1);
-  $action = '';
+
  $socid = $user->societe_id;
 }
 $staticcontrat=new Contrat($db);
 $staticcontratligne=new ContratLigne($db);
--- a/htdocs/expedition/index.php
+++ b/htdocs/expedition/index.php
@@ -16,22 +16,24 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
        \file       htdocs/expedition/index.php
        \ingroup    expedition
        \brief      Page accueil du module expedition
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
 $langs->load("sendings");
 /*
 *	View
 */
 llxHeader('',$langs->trans("Sendings"),'ch-expedition.html',$form_search);
 print_fiche_titre($langs->trans("SendingsArea"));
--- a/htdocs/expedition/liste.php
+++ b/htdocs/expedition/liste.php
@@ -29,16 +29,12 @@
 require("./pre.inc.php");
 if (!$user->rights->expedition->lire) accessforbidden();
 $langs->load('companies');
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-if ($user->societe_id > 0) 
+$expeditionid = isset($_GET["id"])?$_GET["id"]:'';
-{
+$result = restrictedArea($user, 'expedition',$expeditionid,'',1);
-  $action = '';
+
  $socid = $user->societe_id;
 }
 $sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:"";
 $sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:"";
--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@@ -16,16 +16,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
     	\file       htdocs/fichinter/index.php
 		\brief      Page accueil espace fiches interventions
 		\ingroup    ficheinter
-		\version    $Revision$
+		\version    $Id$
 */
 require("./pre.inc.php");
@@ -40,11 +37,9 @@ $sortfield=$_GET["sortfield"]?$_GET["sortfield"]:$_POST["sortfield"];
 $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
 $page=$_GET["page"]?$_GET["page"]:$_POST["page"];
-// Securit<EFBFBD>
+// Security check
-if ($user->societe_id > 0)
+$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
-{
+$result = restrictedArea($user, 'ficheinter', $fichinterid,'',1);
  $socid = $user->societe_id ;
 }
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="f.datei";
@@ -55,6 +50,9 @@ $offset = $limit * $page ;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 /*
 *	View
 */
 llxHeader();
--- a/htdocs/fourn/commande/index.php
+++ b/htdocs/fourn/commande/index.php
@@ -1,6 +1,6 @@
 <?PHP
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -27,6 +27,10 @@
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
 $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);
 /*
 * 	View
@@ -34,13 +38,6 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
 llxHeader('',$langs->trans("SuppliersOrdersArea"));
 // S<>curit<69> acc<63>s client
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 $commande = new CommandeFournisseur($db);
 print_barre_liste($langs->trans("SuppliersOrdersArea"), $page, "index.php", "", $sortfield, $sortorder, '', $num);
@@ -49,9 +46,14 @@ print '<table class="notopnoleftnoright" width="100%">';
 print '<tr valign="top"><td class="notopnoleft" width="30%">';
 $sql = "SELECT count(cf.rowid), fk_statut";
-$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,";
+if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
-$sql.= " ".MAIN_DB_PREFIX."commande_fournisseur as cf";
+$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf";
 if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE cf.fk_soc = s.rowid ";
 if (!$user->rights->commercial->client->voir && !$socid) //restriction
 {
  $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 }
 $sql.= " GROUP BY cf.fk_statut";
 $resql = $db->query($sql);
--- a/htdocs/fourn/commande/liste.php
+++ b/htdocs/fourn/commande/liste.php
@@ -1,6 +1,6 @@
 <?PHP
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,16 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /** 
    \file       htdocs/fourn/commande/liste.php
    \ingroup    fournisseur
    \brief      Liste des commandes fournisseurs
-    \version    $Revision$
+    \version    $Id$
 */
 require("./pre.inc.php");
@@ -36,14 +33,16 @@ $socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
 $sortorder = $_GET["sortorder"];
 $sortfield = $_GET["sortfield"];
 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
 $result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);
 /*
 *	View
 */
 $title = $langs->trans("SuppliersOrders");
 if (!$user->rights->fournisseur->commande->lire) accessforbidden();
 // S<>curit<69> acc<63>s client/fournisseur
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if ($socid > 0)
 {
  $fourn = new Fournisseur($db);
@@ -51,10 +50,6 @@ if ($socid > 0)
  $title .= ' (<a href="liste.php">'.$fourn->nom.'</a>)';
 }
 /*
 * Affichage
 */
 llxHeader('',$title);
 $commandestatic=new CommandeFournisseur($db);
@@ -71,10 +66,14 @@ $offset = $conf->liste_limit * $page ;
 $sql = "SELECT s.rowid as socid, s.nom, ".$db->pdate("cf.date_commande")." as dc,";
 $sql .= " cf.rowid,cf.ref, cf.fk_statut";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,";
+if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
-$sql .= " ".MAIN_DB_PREFIX."commande_fournisseur as cf";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf";
 if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE cf.fk_soc = s.rowid ";
-
+if (!$user->rights->commercial->client->voir && !$socid) //restriction
 {
  $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 }
 if ($socid)
 {
    $sql .= " AND s.rowid = ".$socid;
--- a/htdocs/fourn/fiche-stats.php
+++ b/htdocs/fourn/fiche-stats.php
@@ -36,37 +36,19 @@ $langs->load('orders');
 $langs->load('companies');
 $langs->load('commercial');
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($user->societe_id > 0) 
+$result = restrictedArea($user, 'societe',$socid,'',1);
 {
  $action = '';
  $socid = $user->societe_id;
 }
 if (! $socid) accessforbidden();
 /*
 *  Actions
 */
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
  $sql = "SELECT sc.rowid";
  $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
  $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
  if ( $db->query($sql) )
    {
      if ( $db->num_rows() == 0) accessforbidden();
    }
 }
 /*
- * Mode fiche
+ * View
 */  
 $societe = new Fournisseur($db);
--- a/htdocs/fourn/fiche.php
+++ b/htdocs/fourn/fiche.php
@@ -36,35 +36,12 @@ $langs->load('orders');
 $langs->load('companies');
 $langs->load('commercial');
-// Securite acces client
+// Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($user->societe_id > 0) 
+$result = restrictedArea($user, 'societe',$socid,'',1);
 {
  $action = '';
  $socid = $user->societe_id;
 }
 if (! $socid) accessforbidden();
 /*
 *  Actions
 */
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
  $sql = "SELECT sc.rowid";
  $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
  $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
  if ( $db->query($sql) )
    {
      if ( $db->num_rows() == 0) accessforbidden();
    }
 }
 /*
 * Mode fiche
 */  
--- a/htdocs/fourn/index.php
+++ b/htdocs/fourn/index.php
@@ -16,16 +16,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
   \file       htdocs/fourn/index.php
   \ingroup    fournisseur
   \brief      Page accueil de la zone fournisseurs
-   \version    $Revision$
+   \version    $Id$
 */
 require("./pre.inc.php");
@@ -36,16 +33,9 @@ $langs->load("suppliers");
 $langs->load("orders");
 $langs->load("companies");
-if (!$user->rights->societe->lire)
+// Security check
-  accessforbidden();
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-
+$result = restrictedArea($user, 'societe',$socid,'',1);
 // S<>curit<69> acc<63>s client
 $socid='';
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 /*
--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
@@ -33,9 +33,6 @@ $langs->load("suppliers");
 $langs->load("orders");
 $langs->load("companies");
 if (!$user->rights->societe->lire)
  accessforbidden();
 $page = isset($_GET["page"])?$_GET["page"]:'';
 $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:'';
 $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:'';
@@ -47,15 +44,10 @@ $langs->load("suppliers");
 $langs->load("orders");
 $langs->load("companies");
-llxHeader();
+// Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 $result = restrictedArea($user, 'societe',$socid,'',1);
 // S<>curit<69> acc<63>s client
 $socid='';
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 if ($page == -1) { $page = 0 ; }
@@ -63,6 +55,13 @@ $offset = $conf->liste_limit * $page ;
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="nom";
 /*
 *	View
 */
 llxHeader();
 /*
 * Mode Liste
 *
--- a/htdocs/fourn/stats.php
+++ b/htdocs/fourn/stats.php
@@ -33,10 +33,6 @@ $langs->load("suppliers");
 $langs->load("orders");
 $langs->load("companies");
 if (!$user->rights->societe->lire)
  accessforbidden();
 $page = isset($_GET["page"])?$_GET["page"]:'';
 $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:'';
 $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:'';
@@ -44,13 +40,9 @@ $socname = isset($_GET["socname"])?$_GET["socname"]:'';
 $search_nom = isset($_GET["search_nom"])?$_GET["search_nom"]:'';
 $search_ville = isset($_GET["search_ville"])?$_GET["search_ville"]:'';
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
-$socid='';
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($user->societe_id > 0) 
+$result = restrictedArea($user, 'societe',$socid,'',1);
 {
  $action = '';
  $socid = $user->societe_id;
 }
 if ($page == -1) { $page = 0 ; }
--- a/htdocs/html.form.class.php
+++ b/htdocs/html.form.class.php
@@ -572,32 +572,31 @@ class Form
  /**
-	 *    \brief      Retourne la liste d<>roulante des soci<63>t<EFBFBD>s
+	 *    	\brief      Output html form to select a third party
-	 *    \param      selected        Societe pr<70>-s<>lectionn<6E>e
+	 *    	\param      selected        Societe pr<70>-s<>lectionn<6E>e
-	 *    \param      htmlname        Nom champ formulaire
+	 *    	\param      htmlname        Nom champ formulaire
-	 *    \param      filter          Criteres optionnels de filtre
+	 *    	\param      filter          Criteres optionnels de filtre
 	 *		\param		showempty		Add an empty field
 	 */
 	function select_societes($selected='',$htmlname='socid',$filter='',$showempty=0)
 	{
-		global $conf;
+		global $conf,$user;
        // On recherche les societes
-        $sql = "SELECT s.rowid, s.nom FROM";
+        $sql = "SELECT s.rowid, s.nom";
-        $sql.= " ".MAIN_DB_PREFIX ."societe as s";
+        $sql.= " FROM ".MAIN_DB_PREFIX ."societe as s";
-        if ($filter) $sql.= " WHERE ".$filter;
+		if (!$user->rights->commercial->client->voir && !$user->societe_id) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
        $sql.= " WHERE 1=1";
 		if ($filter) $sql.= " AND ".$filter;
        if ($selected && $conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT)
        {
-        	if ($filter)
+        	$sql.= " AND rowid = ".$selected;
        	{
        		$sql.= " AND";
        	}
        	else
        	{
        		$sql.= " WHERE";
        	}
        	$sql.= " rowid = ".$selected;
        }
-        $sql.= " ORDER BY nom ASC";
+        if (!$user->rights->commercial->client->voir && !$user->societe_id) //restriction
 		{
 			$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 		}
 		$sql.= " ORDER BY nom ASC";
        dolibarr_syslog("Form::select_societes sql=".$sql);
        $resql=$this->db->query($sql);
--- a/htdocs/includes/menus/barre_left/eldy_backoffice.php
+++ b/htdocs/includes/menus/barre_left/eldy_backoffice.php
@@ -318,7 +318,7 @@ class MenuLeft {
 					$langs->load("orders");
 					$newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer);
-					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer);
+					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire);
@@ -464,7 +464,7 @@ class MenuLeft {
 				{
 					$langs->load("trips");
 					$newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire);
-					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire);
+					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer);
 					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire);
 				}
@@ -530,11 +530,11 @@ class MenuLeft {
 				}
 				// Gestion cheques
-				if ($conf->facture->enabled)
+				if ($conf->facture->enabled && $conf->banque->enabled)
 				{
-					$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire);
+					$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->banque->lire);
-					if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer);
+					if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->banque->creer);
-					if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->facture->lire);
+					if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->banque->lire);
 				}
@@ -790,9 +790,11 @@ class MenuLeft {
 			*/
 			if ($mainmenu == 'members')
 			{
 				if ($conf->adherent->enabled)
 				{
 					$langs->load("members");
 					$langs->load("compta");
 					$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&amp;action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire);
--- a/htdocs/includes/menus/barre_left/eldy_frontoffice.php
+++ b/htdocs/includes/menus/barre_left/eldy_frontoffice.php
@@ -301,7 +301,7 @@ class MenuLeft {
 					$langs->load("orders");
 					$newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer);
-					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer);
+					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire);
 					if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire);
@@ -449,7 +449,7 @@ class MenuLeft {
 				{
 					$langs->load("trips");
 					$newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire);
-					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire);
+					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer);
 					if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire);
 				}
@@ -518,7 +518,7 @@ class MenuLeft {
 				// Gestion cheques
 /*
-				if ($conf->facture->enabled)
+				if ($conf->facture->enabled && $conf->banque->enabled)
 				{
 					$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire);
 					if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer);
@@ -759,9 +759,11 @@ class MenuLeft {
 			*/
 			if ($mainmenu == 'members')
 			{
 				if ($conf->adherent->enabled)
 				{
 					$langs->load("members");
 					$langs->load("compta");
 					$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&amp;action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire);
@@ -771,7 +773,6 @@ class MenuLeft {
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=1&amp;filter=outofdate",$langs->trans("MenuMembersNotUpToDate"),1,$user->rights->adherent->lire);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=0",$langs->trans("MenuMembersResiliated"),1,$user->rights->adherent->lire);
 					$langs->load("compta");
 					$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Subscriptions"),0,$user->rights->adherent->cotisation->lire);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=-1,1&amp;mainmenu=members",$langs->trans("NewSubscription"),1,$user->rights->adherent->cotisation->creer);
 					$newmenu->add_submenu(DOL_URL_ROOT."/adherents/cotisations.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->cotisation->lire);
--- a/htdocs/includes/menus/barre_top/eldy_backoffice.php
+++ b/htdocs/includes/menus/barre_top/eldy_backoffice.php
@@ -334,7 +334,7 @@ class MenuTop {
                $class = 'class="tmenu"';
            }
-            print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>';
+            print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>';
        }
--- a/htdocs/includes/menus/barre_top/eldy_frontoffice.php
+++ b/htdocs/includes/menus/barre_top/eldy_frontoffice.php
@@ -299,7 +299,7 @@ class MenuTop {
                $class = 'class="tmenu"';
            }
-            print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>';
+            print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>';
        }
--- a/htdocs/includes/modules/modCommercial.class.php
+++ b/htdocs/includes/modules/modCommercial.class.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
 *
@@ -17,12 +17,11 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**     \defgroup   commercial     Module commercial
-        \brief      Module pour g<EFBFBD>rer les fonctions commerciales
+        \brief      Module pour gerer les fonctions commerciales
 		\version	$Id$
 */
 /**
@@ -84,7 +83,7 @@ class modCommercial extends DolibarrModules
        $this->rights_class = 'commercial';
        $r = 1;
-        // 261 : Permission g<EFBFBD>n<EFBFBD>rale
+        // 261 : Permission generale
        $this->rights[$r][0] = 261;
        $this->rights[$r][1] = 'Consulter informations commerciales';
        $this->rights[$r][2] = 'r';
@@ -93,9 +92,9 @@ class modCommercial extends DolibarrModules
        $this->rights[$r][5] = 'lire';
        $r++;
-        // 262 : Resteindre l'acc<EFBFBD>s des commerciaux
+        // 262 : Resteindre l'acces des commerciaux
        $this->rights[$r][0] = 262;
-        $this->rights[$r][1] = 'Consulter tous les clients (effectifs pour utilisateurs internes uniquement)';
+        $this->rights[$r][1] = 'Consulter tous les tiers par utilisateurs internes (sinon uniquement si contact commercial). Non effectif pour utilisateurs externes (tjs limités à eux-meme).';
        $this->rights[$r][2] = 'r';
        $this->rights[$r][3] = 1;
        $this->rights[$r][4] = 'client';
--- a/htdocs/includes/modules/modDeplacement.class.php
+++ b/htdocs/includes/modules/modDeplacement.class.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2005-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2005-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -14,13 +14,12 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
        \defgroup   deplacement     Module deplacement et notes de frais
-        \brief      Module pour g<EFBFBD>rer les d<EFBFBD>placements et notes de frais
+        \brief      Module pour gerer les deplacements et notes de frais
 		\version	$Id$
 */
 /**
@@ -81,19 +80,19 @@ class modDeplacement extends DolibarrModules
    $this->rights_class = 'deplacement';
    $this->rights[1][0] = 170;
-    $this->rights[1][1] = 'Lire les d<EFBFBD>placements';
+    $this->rights[1][1] = 'Lire les deplacements';
    $this->rights[1][2] = 'r';
    $this->rights[1][3] = 1;
    $this->rights[1][4] = 'lire';
    $this->rights[2][0] = 171;
-    $this->rights[2][1] = 'Cr<EFBFBD>er/modifier les d<EFBFBD>placements';
+    $this->rights[2][1] = 'Creer/modifier les deplacements';
    $this->rights[2][2] = 'w';
    $this->rights[2][3] = 0;
    $this->rights[2][4] = 'creer';
    $this->rights[3][0] = 172;
-    $this->rights[3][1] = 'Supprimer les d<EFBFBD>placements';
+    $this->rights[3][1] = 'Supprimer les deplacements';
    $this->rights[3][2] = 'd';
    $this->rights[3][3] = 0;
    $this->rights[3][4] = 'supprimer';
--- a/htdocs/includes/modules/modFicheinter.class.php
+++ b/htdocs/includes/modules/modFicheinter.class.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2007 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
 *
@@ -17,13 +17,12 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
-        \defgroup   ficheinter     Module fiche interventions
+        \defgroup   ficheinter     Module intervention cards
-        \brief      Module pour g<>rer la tenue de fiches d'interventions
+        \brief      Module to manage intervention cards
 		\version	$Id$
 */
 /**
@@ -101,7 +100,7 @@ class modFicheinter  extends DolibarrModules
    $this->rights[1][4] = 'lire';
    $this->rights[2][0] = 62;
-    $this->rights[2][1] = 'Cr<EFBFBD>er/modifier les fiches d\'intervention';
+    $this->rights[2][1] = 'Creer/modifier les fiches d\'intervention';
    $this->rights[2][2] = 'w';
    $this->rights[2][3] = 0;
    $this->rights[2][4] = 'creer';
--- a/htdocs/includes/modules/modPrelevement.class.php
+++ b/htdocs/includes/modules/modPrelevement.class.php
@@ -80,28 +80,28 @@ class modPrelevement extends DolibarrModules
 		$this->rights_class = 'prelevement';
 		$this->rights[1][0] = 151;
-		$this->rights[1][1] = 'Consulter les pr<EFBFBD>l<EFBFBD>vements';
+		$this->rights[1][1] = 'Consulter les prelevements';
 		$this->rights[1][2] = 'r';
 		$this->rights[1][3] = 1;
 		$this->rights[1][4] = 'bons';
 		$this->rights[1][5] = 'lire';
 		$this->rights[2][0] = 152;
-		$this->rights[2][1] = 'Configurer les pr<EFBFBD>l<EFBFBD>vements';
+		$this->rights[2][1] = 'Configurer les prelevements';
 		$this->rights[2][2] = 'w';
 		$this->rights[2][3] = 0;
 		$this->rights[2][4] = 'bons';
 		$this->rights[2][5] = 'configurer';
 		$this->rights[3][0] = 153;
-		$this->rights[3][1] = 'Consulter les bons de pr<EFBFBD>l<EFBFBD>vements';
+		$this->rights[3][1] = 'Consulter les bons de prelevements';
 		$this->rights[3][2] = 'r';
 		$this->rights[3][3] = 0;
 		$this->rights[3][4] = 'bons';
 		$this->rights[3][5] = 'lire';
 		$this->rights[4][0] = 154;
-		$this->rights[4][1] = 'Cr<EFBFBD>er un bon de pr<EFBFBD>l<EFBFBD>vement';
+		$this->rights[4][1] = 'Creer un bon de prelevement';
 		$this->rights[4][2] = 'w';
 		$this->rights[4][3] = 0;
 		$this->rights[4][4] = 'bons';
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -372,7 +372,7 @@ Permission254=Delete or disable other users
 Permission255=Create/modify his own user information
 Permission256=Modify his own password
 Permission261=Read commercial informations
-Permission262=Read all companies (Internal users only. Externals are always limited to themselves)
+Permission262=Read all third parties for internal users (otherwise require to be a commercial contact). Not affective for external users (always limited to themselves).
 Permission281=Read contacts
 Permission282=Create/modify contacts
 Permission283=Delete contacts
--- a/htdocs/langs/en_US/main.lang
+++ b/htdocs/langs/en_US/main.lang
@@ -412,6 +412,7 @@ TotalMan=Total
 YouCanChangeValuesForThisListFromDictionnarySetup=You can change values for this list from menu setup - dictionnary
 Color=Color
 MenuECM=Documents
 MenuMembers=Members
 # Week day
 Monday=Monday
 Tuesday=Tuesday
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -371,7 +371,7 @@ Permission254=Supprimer ou d
 Permission255=Cr<43>er/modifier ses propres infos utilisateur
 Permission256=Modifier son propre mot de passe
 Permission261=Consulter informations commerciales
-Permission262=Consulter toutes les soci<EFBFBD>t<EFBFBD>s (Utilisateurs internes uniquement. Externes tjs limit<69>s <20> eux m<>me)
+Permission262=Consulter tous les tiers par utilisateurs internes (sinon requiert d'etre contact commercial). Non effectif pour utilisateurs externes (tjs limit<69>s <20> eux-meme).
 Permission281=Consulter les contacts
 Permission282=Cr<43>er/modifier les contacts
 Permission283=Supprimer les contacts
--- a/htdocs/langs/fr_FR/main.lang
+++ b/htdocs/langs/fr_FR/main.lang
@@ -414,6 +414,7 @@ TotalMan=Total
 YouCanChangeValuesForThisListFromDictionnarySetup=Vous pouvez changer ces valeurs depuis le menu configuration - dictionnaires
 Color=Couleur
 MenuECM=Documents
 MenuMembers=Adh<64>rents
 # Week day
 Monday=Lundi
 Tuesday=Mardi
--- a/htdocs/lib/company.lib.php
+++ b/htdocs/lib/company.lib.php
@@ -37,91 +37,123 @@ function societe_prepare_head($objsoc)
 	$head[$h][2] = 'company';
 	$h++;
-  if ($objsoc->client==1)
+	if ($objsoc->client==1)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/comm/fiche.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/comm/fiche.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Customer");;
+		$head[$h][1] = $langs->trans("Customer");;
-    $head[$h][2] = 'customer';
+		$head[$h][2] = 'customer';
-    $h++;
+		$h++;
-  }
+	}
-  if ($objsoc->client==2)
+	if ($objsoc->client==2)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/comm/prospect/fiche.php?id='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/comm/prospect/fiche.php?id='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Prospect");
+		$head[$h][1] = $langs->trans("Prospect");
-    $head[$h][2] = 'prospect';
+		$head[$h][2] = 'prospect';
-    $h++;
+		$h++;
-  }
+	}
-  if ($objsoc->fournisseur)
+	if ($objsoc->fournisseur)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/fourn/fiche.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Supplier");
+		$head[$h][1] = $langs->trans("Supplier");
-    $head[$h][2] = 'supplier';
+		$head[$h][2] = 'supplier';
-    $h++;
+		$h++;
-  }  
+	}  
-  if ($conf->facture->enabled || $conf->compta->enabled || $conf->comptaexpert->enabled)
+	if ($conf->facture->enabled || $conf->compta->enabled || $conf->comptaexpert->enabled)
-  {
+	{
-    $langs->load("compta");
+		$langs->load("compta");
-    $head[$h][0] = DOL_URL_ROOT.'/compta/fiche.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/compta/fiche.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Accountancy");
+		$head[$h][1] = $langs->trans("Accountancy");
-    $head[$h][2] = 'compta';
+		$head[$h][2] = 'compta';
-    $h++;
+		$h++;
-  }
+	}
-  //affichage onglet cat<61>gorie
+
 	//show categorie tab
 	if ($conf->categorie->enabled)
-  {
+	{
 		$head[$h][0] = DOL_URL_ROOT.'/categories/categorie.php?socid='.$objsoc->id;
 		$head[$h][1] = $langs->trans('Categories');
 		$head[$h][2] = 'category';
 		$h++;   		
-  }
+	}
-  if ($user->societe_id == 0)
+	if ($user->societe_id == 0)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/socnote.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/socnote.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Note");
+		$head[$h][1] = $langs->trans("Note");
-    $head[$h][2] = 'note';
+		$head[$h][2] = 'note';
-    $h++;
+		$h++;
-  }
+	}
-  if ($user->societe_id == 0)
+	if ($user->societe_id == 0)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/docsoc.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/docsoc.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Documents");
+		$head[$h][1] = $langs->trans("Documents");
-    $head[$h][2] = 'document';
+		$head[$h][2] = 'document';
-    $h++;
+		$h++;
-  }
+	}
  if ($conf->notification->enabled && $user->societe_id == 0)
  {
    $head[$h][0] = DOL_URL_ROOT.'/societe/notify/fiche.php?socid='.$objsoc->id;
    $head[$h][1] = $langs->trans("Notifications");
    $head[$h][2] = 'notify';
    $h++;
  }
-  if ($objsoc->fournisseur)
+	if ($conf->notification->enabled && $user->societe_id == 0)
-  {
+	{
-    $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche-stats.php?socid='.$objsoc->id;
+		$head[$h][0] = DOL_URL_ROOT.'/societe/notify/fiche.php?socid='.$objsoc->id;
-    $head[$h][1] = $langs->trans("Statistics");
+		$head[$h][1] = $langs->trans("Notifications");
-    $head[$h][2] = 'supplierstat';
+		$head[$h][2] = 'notify';
 		$h++;
 	}
 	if ($objsoc->fournisseur)
 	{
 		$head[$h][0] = DOL_URL_ROOT.'/fourn/fiche-stats.php?socid='.$objsoc->id;
 		$head[$h][1] = $langs->trans("Statistics");
 		$head[$h][2] = 'supplierstat';
 		$h++;
 	}
 	if ($user->societe_id == 0)
 	{	
 		$head[$h][0] = DOL_URL_ROOT.'/societe/info.php?socid='.$objsoc->id;
 		$head[$h][1] = $langs->trans("Info");
 		$head[$h][2] = 'info';
 		$h++;
 	}
 	if ($conf->bookmark->enabled && $user->rights->bookmark->creer)
 	{
 		$head[$h][0] = DOL_URL_ROOT."/bookmarks/fiche.php?action=add&amp;socid=".$objsoc->id."&amp;urlsource=".$_SERVER["PHP_SELF"]."?socid=".$objsoc->id;
 		$head[$h][1] = img_object($langs->trans("BookmarkThisPage"),'bookmark');
 		$head[$h][2] = 'image';
 		$h++;
 	}
 	return $head;
 }
 function societe_prepare_head2($objsoc)
 {
 	global $langs, $conf, $user;
 	$h = 0;
 	$head = array();
    $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$objsoc->id;
    $head[$h][1] = $langs->trans("Card");
 	$head[$h][2] = 'company';
    $h++;
-  }
+    
-  
+    $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$objsoc->id;
-  if ($user->societe_id == 0)
+    $head[$h][1] = $langs->trans("BankAccount")." $account->number";
-  {	
+	$head[$h][2] = 'rib';
    $head[$h][0] = DOL_URL_ROOT.'/societe/info.php?socid='.$objsoc->id;
    $head[$h][1] = $langs->trans("Info");
    $head[$h][2] = 'info';
    $h++;
-  }
+    
-  
+    $head[$h][0] = 'lien.php?socid='.$objsoc->id;
-  if ($conf->bookmark->enabled && $user->rights->bookmark->creer)
+    $head[$h][1] = $langs->trans("Links");
-  {
+	$head[$h][2] = 'links';
-    $head[$h][0] = DOL_URL_ROOT."/bookmarks/fiche.php?action=add&amp;socid=".$objsoc->id."&amp;urlsource=".$_SERVER["PHP_SELF"]."?socid=".$objsoc->id;
+    $h++;
-    $head[$h][1] = img_object($langs->trans("BookmarkThisPage"),'bookmark');
+    
-    $head[$h][2] = 'image';
+    $head[$h][0] = 'commerciaux.php?socid='.$objsoc->id;
    $head[$h][1] = $langs->trans("SalesRepresentative");
 	$head[$h][2] = 'salesrepresentative';
    $h++;
  }
-  return $head;
+	return $head;
 }
--- a/htdocs/lib/functions.inc.php
+++ b/htdocs/lib/functions.inc.php
@@ -1221,44 +1221,79 @@ function info_admin($texte,$infoonimgalt=0)
 /**
     \brief      V<>rifie les droits de l'utilisateur
-     \param      user      	  Utilisateur courant
+     \param      user      	  	Utilisateur courant
-     \param      module        Module a v<>rifier
+     \param      feature		Feature to check (in most cases, it's module name)
-     \param      objectid      ID de l'element (optionnel)
+     \param      objectid      	ID de l'element (optionnel)
-     \param      dbtable       Table de la base correspondant au module (optionnel)
+     \param      dbtable       	Table de la base correspondant au module (optionnel)
-     \param      list          D<>fini si la page sert de liste et donc ne fonctionne pas avec un id
+     \param      list          	D<EFBFBD>fini si la page sert de liste et donc ne fonctionne pas avec un id
 */
-function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0)
+function restrictedArea($user, $feature, $objectid='', $dbtablename='', $list=0)
 {
 	global $db;
 	// Clean parameters
-	if (! $modulename)
+	if (! $feature)
 	{
-		$modulename = 'societe';
+		$feature = 'societe';
 		$list = 1;
 	}
 	$objectid = 0;
 	$socid = 0;
 	//print "$user->id, $feature, $objectid, $dbtablename, $list ".$user->rights->societe->contact->lire;
 	// Check read permission from module
 	$readok=1;
-	if ($modulename == 'societe')
+	if ($feature == 'societe')
 	{
 		if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
 	}
 	else if ($feature == 'contact')
 	{
 		if (! $user->rights->societe->contact->lire) $readok=0;
 	}
 	else if ($feature == 'prelevement')
 	{
 		if (! $user->rights->prelevement->bons->lire) $readok=0;
 	}
 	else if ($feature == 'commande_fournisseur')
 	{
 		if (! $user->rights->fournisseur->commande->lire) $readok=0;
 	}
 	else
 	{
-		if (! $user->rights->$modulename->lire) $readok=0;
+		if (! $user->rights->$feature->lire) $readok=0;
 	}
 	if (! $readok) accessforbidden();
 	//print "Read access is ok";
 	// Check write permission from module
 	$createok=1;
 	if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
 	{
-		if (! $user->rights->$modulename->creer) $createok=0;
+		if ($feature == 'societe')
 		{
 			if (! $user->rights->societe->creer && ! $user->rights->fournisseur->creer) $createok=0;
 		}
 		else if ($feature == 'contact')
 		{
 			if (! $user->rights->societe->contact->creer) $createok=0;
 		}
 		else if ($feature == 'prelevement')
 		{
 			if (! $user->rights->prelevement->bons->creer) $createok=0;
 		}
 		else if ($feature == 'commande_fournisseur')
 		{
 			if (! $user->rights->fournisseur->commande->creer) $createok=0;
 		}
 		else
 		{
 			if (! $user->rights->$feature->creer) $createok=0;
 		}
 		if (! $createok) accessforbidden();
 		//print "Write access is ok";
 	}
 	// Check permission from company affiliation
@@ -1268,12 +1303,12 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
 		$_POST["action"] = '';
 		$socid = $user->societe_id;
 		if (!$objectid) $objectid = $socid;
-		if ($modulename == 'societe' && $socid <> $objectid) accessforbidden();
+		if ($feature == 'societe' && $socid <> $objectid) accessforbidden();
 	}
 	if ($objectid)
 	{
-		if ($modulename == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0)
+		if ($feature == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0)
 		{
 			$sql = "SELECT sc.fk_soc";
 			$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -1282,7 +1317,7 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
 		else if (! $user->rights->commercial->client->voir || $socid > 0)
 		{
 			// Si dbtable non d<>fini, m<>me nom que le module
-			if (!$dbtablename) $dbtablename = $modulename;
+			if (!$dbtablename) $dbtablename = $feature;
 			$sql = "SELECT sc.fk_soc, dbt.fk_soc";
 			$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
--- a/htdocs/societe/commerciaux.php
+++ b/htdocs/societe/commerciaux.php
@@ -15,18 +15,17 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 */
 /**
        \file       htdocs/societe/commerciaux.php
        \ingroup    societe
        \brief      Page d'affectations des commerciaux aux societes
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 $langs->load("companies");
 $langs->load("commercial");
@@ -34,32 +33,14 @@ $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
-if ( !$user->rights->societe->creer)
+// Security check
  accessforbidden();
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if (!$socid) accessforbidden();
+$result = restrictedArea($user, 'societe','','',1);
-// S<>curit<69> acc<63>s client
+/*
-if ($user->societe_id > 0) 
+*	Actions
-{
+*/
  $action = '';
  $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid)
 {
        $sql = "SELECT sc.rowid";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 if($_GET["socid"] && $_GET["commid"])
 {
@@ -88,42 +69,31 @@ if($_GET["socid"] && $_GET["delcommid"])
      $soc->del_commercial($user, $_GET["delcommid"]);
      Header("Location: commerciaux.php?socid=".$soc->id);
 	  exit;
    }
  else
    {
      Header("Location: commerciaux.php?socid=".$_GET["socid"]);
 	  exit;
    }
 }
 /*
 *	View
 */
 llxHeader();
-if($_GET["socid"])
+if ($_GET["socid"])
 {
    $soc = new Societe($db);
    $soc->id = $_GET["socid"];
-    $soc->fetch($_GET["socid"]);
+    $result=$soc->fetch($_GET["socid"]);
-    $h=0;
+    $head=societe_prepare_head2($soc);
-    
+	
-    $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
+    dolibarr_fiche_head($head, 'salesrepresentative', $langs->trans("ThirdParty"));
    $head[$h][1] = $langs->trans("Company");
    $h++;
    $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("BankAccount")." $account->number";
    $h++;
    $head[$h][0] = 'lien.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("Links");
    $h++;
    $head[$h][0] = 'commerciaux.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("SalesRepresentative");
    $hselected=$h;
    $h++;
    dolibarr_fiche_head($head, $hselected, $soc->nom);
    /*
    * Fiche soci<63>t<EFBFBD> en mode visu
@@ -185,7 +155,7 @@ if($_GET["socid"])
          {
            print '<a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">';
            print img_object($langs->trans("ShowUser"),"user").' ';
-            print stripslashes($obj->firstname)." " .stripslashes($obj->name)."\n";
+            print $obj->firstname." " .$obj->name."\n";
            print '</a>&nbsp;';
            print '<a href="commerciaux.php?socid='.$_GET["socid"].'&amp;delcommid='.$obj->rowid.'">';
            print img_delete();
--- a/htdocs/societe/info.php
+++ b/htdocs/societe/info.php
@@ -30,27 +30,9 @@ require_once(DOL_DOCUMENT_ROOT."/societe.class.php");
 $langs->load("companies");
 $langs->load("other");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($socid == '') accessforbidden();
+$result = restrictedArea($user, 'societe','','',1);
 if ($user->societe_id > 0)
 {
    $action = '';
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
        $sql = "SELECT sc.fk_soc, s.client";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 /*
--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -15,55 +15,31 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
        \file       htdocs/societe/lien.php
        \ingroup    societe
-        \brief      Page des societes
+        \brief      Page of links to other third parties
-        \version    $Revision$
+        \version    $Id$
 */
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 $langs->load("companies");
 $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
-if ( !$user->rights->societe->creer)
+// Security check
  accessforbidden();
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if (!$socid) accessforbidden();
+$result = restrictedArea($user, 'societe','','',1);
 // S<>curit<69> acc<63>s client
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid)
 {
        $sql = "SELECT sc.rowid";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 /*
- * Actions
+* Actions
- */
+*/
 // Positionne companie parente
 if($_GET["socid"] && $_GET["select"])
@@ -117,27 +93,9 @@ if($_GET["socid"])
    $soc->id = $_GET["socid"];
    $soc->fetch($_GET["socid"]);
-    $h=0;
+    $head=societe_prepare_head2($soc);
-    $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
+    dolibarr_fiche_head($head, 'links', $langs->trans("ThirdParty"));
    $head[$h][1] = $langs->trans("Company");
    $h++;
    $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("BankAccount")." $account->number";
    $h++;
    $head[$h][0] = 'lien.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("Links");
    $hselected=$h;
    $h++;
    $head[$h][0] = 'commerciaux.php?socid='.$soc->id;
    $head[$h][1] = $langs->trans("SalesRepresentative");
    $h++;
    dolibarr_fiche_head($head, $hselected, $soc->nom);
    /*
     * Fiche soci<63>t<EFBFBD> en mode visu
--- a/htdocs/societe/notify/fiche.php
+++ b/htdocs/societe/notify/fiche.php
@@ -15,16 +15,13 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
 	    \file       htdocs/societe/notify/fiche.php
        \ingroup    societe, notification
 		\brief      Onglet notifications pour une societe
-		\version    $Revision$
+		\version    $Id$
 */
 require("pre.inc.php");
@@ -34,27 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
 $langs->load("companies");
 $langs->load("mails");
-// S<EFBFBD>curit<EFBFBD> acc<63>s client
+// Security check
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if ($socid == '') accessforbidden();
+$result = restrictedArea($user, 'societe','','',1);
 if ($user->societe_id > 0)
 {
    $action = '';
    $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
        $sql = "SELECT sc.fk_soc, s.client";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 $sortorder=$_GET["sortorder"];
 $sortfield=$_GET["sortfield"];
@@ -62,6 +41,10 @@ if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="c.name";
 /*
 *	View
 */
 llxHeader();
 /*
--- a/htdocs/societe/rib.php
+++ b/htdocs/societe/rib.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2003      Jean-Louis Bergamo   <jlb@j1b.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -16,58 +16,35 @@
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */
 /**
 	    \file       htdocs/societe/rib.php
        \ingroup    societe
 		\brief      Onglet rib de societe
-		\version    $Revision$
+		\version    $Id$
 */
 require("./pre.inc.php");
-require_once DOL_DOCUMENT_ROOT . "/companybankaccount.class.php";
+require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
 require_once DOL_DOCUMENT_ROOT."/companybankaccount.class.php";
 $langs->load("companies");
 $langs->load("banks");
-if ( !$user->rights->societe->creer)
+// Security check
  accessforbidden();
 $socid = isset($_GET["socid"])?$_GET["socid"]:'';
-if (!$socid) accessforbidden();
+$result = restrictedArea($user, 'societe','','',1);
 // S<>curit<69> acc<63>s client
 if ($user->societe_id > 0) 
 {
  $action = '';
  $socid = $user->societe_id;
 }
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid)
 {
        $sql = "SELECT sc.rowid";
        $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
        $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
        if ( $db->query($sql) )
        {
          if ( $db->num_rows() == 0) accessforbidden();
        }
 }
 llxHeader();
 $soc = new Societe($db);
 $soc->id = $_GET["socid"];
 $soc->fetch($_GET["socid"]);
 /*
 *	Actions
 */
 if ($_POST["action"] == 'update' && ! $_POST["cancel"])
 {
  // Modification
@@ -101,28 +78,13 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
 /*
- * Affichage onglets
+*	View
- */
+*/
-$h = 0;
+llxHeader();
-$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
+$head=societe_prepare_head2($soc);
 $head[$h][1] = $langs->trans("Company");
 $h++;
 $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
 $head[$h][1] = $langs->trans("BankAccount")." $account->number";
 $hselected=$h;
 $h++;
 $head[$h][0] = 'lien.php?socid='.$soc->id;
 $head[$h][1] = $langs->trans("Links");
 $h++;
 $head[$h][0] = 'commerciaux.php?socid='.$soc->id;
 $head[$h][1] = $langs->trans("SalesRepresentative");
 $h++;
-dolibarr_fiche_head($head, $hselected, $soc->nom);
+dolibarr_fiche_head($head, 'rib', $langs->trans("ThirdParty"));
 $account = new CompanyBankAccount($db, $soc->id);
 $account->fetch();
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -249,7 +249,7 @@ if ($result)
            {
                // On affiche ligne pour modifier droits
                print '<tr '. $bc[$var].'>';
-                print '<td>'.img_object('',$picto).' '.$objMod->getName();
+                print '<td nowrap="nowrap">'.img_object('',$picto).' '.$objMod->getName();
                print '<a name="'.$objMod->getName().'">&nbsp;</a></td>';    
                print '<td align="center" nowrap>';
                print '<a title='.$langs->trans("All").' alt='.$langs->trans("All").' href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";