X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=66c56b239a51eaaf877f61b635688b9da4745e93;hb=a037f0a822d44e1fd79e5fe488092b0ab8dbc1ab;hp=3c94da0e3ff58fb8bf0d8dc1c0cba286df1b192c;hpb=6643b3f0c3bff229c0b12b373adf8445881f1879;p=platal.git
diff --git a/modules/payment.php b/modules/payment.php
index 3c94da0..66c56b2 100644
--- a/modules/payment.php
+++ b/modules/payment.php
@@ -108,8 +108,8 @@ class PaymentModule extends PLModule
 'payment' => $this->make_hook('payment', AUTH_PUBLIC, 'user'),
 'payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
- '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
- '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PASSWD, 'user'),
+ '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
+ '%grp/payment' => $this->make_hook('xnet_payment', AUTH_PUBLIC, 'user'),
 '%grp/payment/csv' => $this->make_hook('payment_csv', AUTH_PASSWD, 'groupadmin'),
 '%grp/payment/cyber2_return' => $this->make_hook('cyber2_return', AUTH_PUBLIC, 'user', NO_HTTPS),
 '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
@@ -162,6 +162,7 @@ class PaymentModule extends PLModule
 } else {
 $pay->init($val, $meth);
 $pay->prepareform($user);
+ $page->assign('full_name', $user->fullName(true));
 $page->assign('sex', $user->isFemale());
 }
 } elseif (S::logged()) {
@@ -415,7 +416,7 @@ class PaymentModule extends PLModule
 global $globals;
 $perms = S::v('perms');
- if (!$perms->hasFlag('groupmember')) {
+ if (!(S::identified() && $perms->hasFlag('groupmember'))) {
 if (is_null($pid)) {
 return PL_FORBIDDEN;
 }
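Review bot: Nothing on the two changed hook lines says where access is decided once `%grp/paiement` and `%grp/payment` become AUTH_PUBLIC, and from this commit on the checks inside xnet_payment are the only gate for both aliases. A comment above them, for example `// AUTH_PUBLIC on purpose: xnet_payment itself admits only identified group members, event participants, or payments flagged 'public'`, would keep a later edit to the handler from silently opening the page. The neighbouring `%grp/payment/csv` hook keeps AUTH_PASSWD with 'groupadmin', so the export route is unchanged by this hunk.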
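Review bot: The operand order in `S::identified() && $perms->hasFlag('groupmember')` is load-bearing and is not commented: `$perms` comes from `S::v('perms')`, which may not hold a permissions object for a visitor without a session, and only the short-circuit on `S::identified()` keeps `hasFlag()` from being called on it. A line such as `// identified first: an anonymous session may have no perms object` above the `if` would stop a later cleanup from swapping the two. Separately, a logged-out group member who opens the page without a `$pid` now falls into the `is_null($pid)` branch and gets `PL_FORBIDDEN`, where the former AUTH_PASSWD hook presumably asked for a login first; it is worth confirming that this is intended. The function begins before and continues after this hunk.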
@@ -424,7 +425,12 @@ class PaymentModule extends PLModule
 INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
 WHERE e.paiement_id = {?} AND e.asso_id = {?}",
 S::i('uid'), $pid, $globals->asso('id'));
- if ($res->numRows() == 0) {
+ $public = XDB::query("SELECT 1
+ FROM payments AS p
+ INNER JOIN group_events AS g ON (g.paiement_id = p.id)
+ WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
+ $globals->asso('id'), $pid);
+ if ($res->numRows() == 0 && $public->numRows() == 0) {
 return PL_FORBIDDEN;
 }
 }
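Review bot: The participant branch still accepts a match on `S::i('uid')` without requiring `S::identified()`, so with the hooks now AUTH_PUBLIC a session that carries a uid at a weaker level than password authentication (the file distinguishes `S::logged()` from `S::identified()`) could, if such a state exists, reach a non-public payment that AUTH_PASSWD used to protect. Tying the participant result to the same check the membership test now uses would keep the old level: `if ($public->numRows() == 0 && !(S::identified() && $res->numRows() > 0)) {`. The `$public` lookup binds `$pid` and the group id through `{?}` placeholders and is scoped to `g.asso_id`, which is the right shape; a one-line comment above it stating that the 'public' flag is what lets unauthenticated visitors through would make the intent explicit. The `$res` query and the rest of the handler start outside this hunk, so what an anonymous visitor can see once this check passes cannot be judged from here.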