From 8fbf5b1f338819fe4aa1ee097ebcccd697acb2d4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 29 Oct 2018 18:28:19 +0100
Subject: [PATCH] FIX deletion on draft is allowed if we are allwoed to create

---
 htdocs/compta/facture/card.php                  |  3 ++-
 htdocs/fourn/facture/card.php                   |  3 ++-
 htdocs/modulebuilder/template/myobject_card.php | 10 +++++-----
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index aa1176e029529..4ab316e638d8a 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -115,7 +115,8 @@
 // Security check
 $fieldid = (! empty($ref) ? 'facnumber' : 'rowid');
 if ($user->societe_id) $socid = $user->societe_id;
-$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, null, (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0));
+$isdraft = (($object->statut == Facture::STATUS_DRAFT) ? 1 : 0);
+$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, null, $isdraft);
 
 
 /*
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 29e9f6fe85ed1..a51da110195da 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -93,7 +93,8 @@
 // Security check
 $socid='';
 if (! empty($user->societe_id)) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture', 'fk_soc', 'rowid', null, (($object->statut == FactureFournisseur::STATUS_DRAFT) ? 1 : 0));
+$isdraft = (($object->statut == FactureFournisseur::STATUS_DRAFT) ? 1 : 0);
+$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture', 'fk_soc', 'rowid', null, $isdraft);
 
 $permissionnote=$user->rights->fournisseur->facture->creer;	// Used by the include of actions_setnotes.inc.php
 $permissiondellink=$user->rights->fournisseur->facture->creer;	// Used by the include of actions_dellink.inc.php
diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php
index 6c6324e6e8d54..3d811d5338181 100644
--- a/htdocs/modulebuilder/template/myobject_card.php
+++ b/htdocs/modulebuilder/template/myobject_card.php
@@ -93,14 +93,14 @@
 
 if (empty($action) && empty($id) && empty($ref)) $action='view';
 
-// Security check - Protection if external user
-//if ($user->societe_id > 0) access_forbidden();
-//if ($user->societe_id > 0) $socid = $user->societe_id;
-//$result = restrictedArea($user, 'mymodule', $id);
-
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be include, not include_once  // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
 
+// Security check - Protection if external user
+//if ($user->societe_id > 0) access_forbidden();
+//if ($user->societe_id > 0) $socid = $user->societe_id;
+//$isdraft = (($object->statut == MyObject::STATUS_DRAFT) ? 1 : 0);
+//$result = restrictedArea($user, 'mymodule', $id, '', '', 'fk_soc', 'rowid', null, $isdraft);
 
 
 /*