From 23b748aca3774768c89b6112b2ece090724d1027 Mon Sep 17 00:00:00 2001
From: aspangaro <alexandre.spangaro@gmail.com>
Date: Sun, 5 Jun 2016 14:22:13 +0200
Subject: [PATCH] Fix: Accountancy - Access rights

---
 htdocs/accountancy/admin/account.php    | 4 +++-
 htdocs/accountancy/admin/fiscalyear.php | 9 ++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index 3f251e0090b..99b78ff7c5c 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -43,7 +43,9 @@ $search_pcgtype = GETPOST("search_pcgtype");
 $search_pcgsubtype = GETPOST("search_pcgsubtype");
 
 // Security check
-if (! $user->admin)
+if ($user->societe_id > 0)
+	accessforbidden();
+if (! $user->rights->accounting->chartofaccount)
 	accessforbidden();
 
 $sortfield = GETPOST("sortfield", 'alpha');
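Review bot: The added test `if (! $user->rights->accounting->chartofaccount)` reads through `$user->rights->accounting` without guarding against that object being unset, for example when the accounting permissions were never loaded for this user (inferred; the loading code is not in this hunk). The outcome is still a denial, but PHP raises a notice on the way, and `if (empty($user->rights->accounting->chartofaccount)) accessforbidden();` makes the same fail-closed test quietly. The same applies to the `fiscalyear` check in htdocs/accountancy/admin/fiscalyear.php. With the `$user->admin` test removed, access to this admin page depends entirely on who has been granted the right, so it is worth confirming that the permission is defined and not part of a default grant.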
diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php
index 75411d6402f..199e04bb856 100644
--- a/htdocs/accountancy/admin/fiscalyear.php
+++ b/htdocs/accountancy/admin/fiscalyear.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2013-2014 Alexandre Spangaro   <aspangaro.dolibarr@gmail.com>
+/* Copyright (C) 2013-2016 Alexandre Spangaro   <aspangaro.dolibarr@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,12 +30,15 @@ $action = GETPOST('action');
 $langs->load("admin");
 $langs->load("compta");
 
-if (! $user->admin)
+// Security check
+if ($user->societe_id > 0)
+	accessforbidden();
+if (! $user->rights->accounting->fiscalyear)
 	accessforbidden();
 
 $error = 0;
 
-// List of statut
+// List of status
 static $tmpstatut2label = array (
 		'0' => 'OpenFiscalYear',
 		'1' => 'CloseFiscalYear' 
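Review bot: The `// Security check` comment does not say what the single `fiscalyear` right now covers. The page reads an `action` parameter (`$action = GETPOST('action');` in the hunk header), so this one test decides both display and whatever state-changing actions are handled further down, outside this hunk. Previously all of that was admin-only. If that is the intent, I would document it, e.g. `// Security check: internal users with the accounting->fiscalyear right; this right gates both display and the actions handled below`. If creating or closing a fiscal year should need more than read access, the action handlers need their own check.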
-- 
GitLab