diff --git a/core/core.php b/core/core.php
index 9f2bdd68..32f8ad8f 100644
--- a/core/core.php
+++ b/core/core.php
@@ -2762,7 +2762,7 @@ class layout extends common {
 			$rightItems = '';
 			// if($this->getUser('group') >= self::GROUP_MODERATOR) {
 			if($this->getUser('group') >= self::GROUP_EDITOR) {
-				$rightItems .= '<li><a href="' . helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR.'core.json') .'" data-tippy-content="Gérer les fichiers" data-lity>' . template::ico('folder') . '</a></li>';
+				$rightItems .= '<li><a href="' . helper::baseUrl(false) . 'core/vendor/filemanager/dialog.php?type=0&akey=' . md5_file(self::DATA_DIR.'core.json') .'&ext='.password_hash($this->getUser('group'),PASSWORD_BCRYPT).'" data-tippy-content="Gérer les fichiers" data-lity>' . template::ico('folder') . '</a></li>';
 			}
 			if($this->getUser('group') >= self::GROUP_ADMIN) {
 				$rightItems .= '<li><a href="' . helper::baseUrl() . 'user" data-tippy-content="Configurer les utilisateurs">' . template::ico('users') . '</a></li>';
diff --git a/core/vendor/filemanager/config/config.php b/core/vendor/filemanager/config/config.php
index c17db810..22afda6d 100644
--- a/core/vendor/filemanager/config/config.php
+++ b/core/vendor/filemanager/config/config.php
@@ -13,14 +13,11 @@ ob_start('mb_output_handler');
 date_default_timezone_set('Europe/Paris');
 setlocale(LC_CTYPE, 'fr_FR'); //correct transliteration
 
-// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur via cookie et user.json
-if( is_file('../../../site/data/user.json')){
-	$json = file_get_contents('../../../site/data/user.json');
-	$user = json_decode($json, true);
-	$val = $user['user'][$_COOKIE["ZWII_USER_ID"]]['group'] >= 3 ? true : false;
-}
-else{
-	$val = false;
+// Validation des actions (delete, rename) par lecture du groupe de l'utilisateur transmis par l'URL
+$access = false;
+if ( password_verify('4',$_GET['ext']) 
+     OR password_verify('3',$_GET['ext']) ) {
+		 $access = true;
 }
 
 
@@ -347,18 +344,18 @@ $config = array(
 	//*************************
 	//Permissions configuration
 	//******************
-	'delete_files'                            => $val,
+	'delete_files'                            => $access,
 	'create_folders'                          => true,
-	'delete_folders'                          => $val,
+	'delete_folders'                          => $access,
 	'upload_files'                            => true,
-	'rename_files'                            => $val,
-	'rename_folders'                          => $val,
+	'rename_files'                            => $access,
+	'rename_folders'                          => $access,
 	'duplicate_files'                         => true,
 	'extract_files'                           => true,
-	'copy_cut_files'                          => $val, // for copy/cut files
-	'copy_cut_dirs'                           => $val, // for copy/cut directories
-	'chmod_files'                             => $val, // change file permissions
-	'chmod_dirs'                              => $val, // change folder permissions
+	'copy_cut_files'                          => $access, // for copy/cut files
+	'copy_cut_dirs'                           => $access, // for copy/cut directories
+	'chmod_files'                             => $access, // change file permissions
+	'chmod_dirs'                              => $access, // change folder permissions
 	'preview_text_files'                      => true, // eg.: txt, log etc.
 	'edit_text_files'                         => true, // eg.: txt, log etc.
 	'create_text_files'                       => true, // only create files with exts. defined in $config['editable_text_file_exts']