From 466010a4121317736e41e51d06dcc52bc617a0f2 Mon Sep 17 00:00:00 2001
From: aspangaro <alexandre.spangaro@gmail.com>
Date: Sun, 5 Jun 2016 14:14:20 +0200
Subject: [PATCH] Fix: Accountancy 4.0 - Right to access to fiscal year

---
 htdocs/accountancy/admin/fiscalyear.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php
index 00cf70b9e73..e84c079a7e5 100644
--- a/htdocs/accountancy/admin/fiscalyear.php
+++ b/htdocs/accountancy/admin/fiscalyear.php
@@ -42,7 +42,10 @@ if (! $sortorder) $sortorder="ASC";
 $langs->load("admin");
 $langs->load("compta");
 
-if (! $user->admin)
+// Security check
+if ($user->societe_id > 0)
+	accessforbidden();
+if (! $user->rights->accounting->fiscalyear)
 	accessforbidden();
 
 $error = 0;
-- 
GitLab