diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index c12209f2f14a78e768e9173dce631fe237bfca44..bcbcf3b154e7469f248d7f279fb2067626dbd1a7 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -1220,7 +1220,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
$newmenu->add("/holiday/card.php?&action=request", $langs->trans("New"), 1,$user->rights->holiday->write);
$newmenu->add("/holiday/list.php?&leftmenu=hrm", $langs->trans("List"), 1,$user->rights->holiday->read);
$newmenu->add("/holiday/list.php?select_statut=2&leftmenu=hrm", $langs->trans("ListToApprove"), 2, $user->rights->holiday->read);
- $newmenu->add("/holiday/define_holiday.php?&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->define_holiday);
+ $newmenu->add("/holiday/define_holiday.php?&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read);
$newmenu->add("/holiday/view_log.php?&action=request", $langs->trans("MenuLogCP"), 1, $user->rights->holiday->define_holiday);
}
diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php
index c181036a0dac365524158e7d0e4afcabf1feed65..6d74aa109e0dd0e03c28e8b16563a3b6cd6c49d0 100644
--- a/htdocs/holiday/define_holiday.php
+++ b/htdocs/holiday/define_holiday.php
@@ -1,5 +1,5 @@
<?php
-/* Copyright (C) 2007-2015 Laurent Destailleur <eldy@users.sourceforge.net>
+/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
* Copyright (C) 2013 Marcos GarcĂa <marcosgdf@gmail.com>
* Copyright (C) 2016 Regis Houssin <regis.houssin@capnetworks.com>
@@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/holiday/common.inc.php';
if ($user->societe_id > 0) accessforbidden();
// If the user does not have perm to read the page
-if(!$user->rights->holiday->define_holiday) accessforbidden();
+if(!$user->rights->holiday->read) accessforbidden();
$action=GETPOST('action');
@@ -235,11 +235,23 @@ else
print '<td></td>';
print '</tr>';
-
+ // Get array of ids of all childs
+ $userchilds=array();
+ if (empty($user->rights->holiday->define_holiday))
+ {
+ $userchilds=$user->getAllChildIds();
+ }
+
foreach($listUsers as $users)
{
$var=!$var;
+ // If user has not permission to edit/read all, we must see only subordinates
+ if (empty($user->rights->holiday->define_holiday))
+ {
+ if (($users['rowid'] != $user->id) && (! in_array($users['rowid'], $userchilds))) continue; // This user is not into hierarchy of current user, we hide it.
+ }
+
print '<tr '.$bc[$var].' style="height: 20px;">';
print '<td>';
$userstatic->id=$users['rowid'];
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index b6f2165c74557121338f6ec072a307fe2c8a0592..553218bbae6f00db364612aeaa014170b06def0f 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -2575,7 +2575,8 @@ class User extends CommonObject
}
/**
- * For user id_user and its childs available in this->users, define property fullpath and fullname
+ * For user id_user and its childs available in this->users, define property fullpath and fullname.
+ * Function called by get_full_tree().
*
* @param int $id_user id_user entry to update
* @param int $protection Deep counter to avoid infinite loop