From: Florent Bruneau Date: Fri, 28 Sep 2007 21:29:08 +0000 (+0200) Subject: Grant payment access to the non-members of a group who did subscribe to an X-Git-Tag: xorg/0.9.15~99 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=45a5307bafca8cee103f8d31e22984db81c28e7a;p=platal.git Grant payment access to the non-members of a group who did subscribe to an event Signed-off-by: Florent Bruneau
---
diff --git a/modules/payment.php b/modules/payment.php
index 6cd2b14..d71b26d 100644
--- a/modules/payment.php
+++ b/modules/payment.php
@@ -80,8 +80,8 @@ class PaymentModule extends PLModule
 'payment' => $this->make_hook('payment', AUTH_MDP),
 'payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC),
 'payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
- '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
- '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP, 'groupmember'),
+ '%grp/paiement' => $this->make_hook('xnet_payment', AUTH_MDP),
+ '%grp/payment' => $this->make_hook('xnet_payment', AUTH_MDP),
 '%grp/payment/cyber_return' => $this->make_hook('cyber_return', AUTH_PUBLIC),
 '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
 'admin/payments' => $this->make_hook('admin', AUTH_MDP, 'admin'),
@@ -338,6 +338,21 @@ class PaymentModule extends PLModule
 {
 global $globals;
+ $perms = S::v('perms');
+ if (!$perms->hasFlag('groupmember')) {
+ if (is_null($pid)) {
+ return PL_FORBIDDEN;
+ }
+ $res = XDB::query("SELECT 1
+ FROM groupex.evenements AS e
+ INNER JOIN groupex.evenements_participants AS ep ON (ep.eid = e.eid AND uid = {?})
+ WHERE e.paiement_id = {?} AND e.asso_id = {?}",
+ S::i('uid'), $pid, $globals->asso('id'));
+ if ($res->numRows() == 0) {
+ return PL_FORBIDDEN;
+ }
+ }
+
 if (!is_null($pid)) {
 return $this->handler_payment($page, $pid);
 }
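Review bot: With the `'groupmember'` argument dropped from the `'%grp/paiement'` and `'%grp/payment'` entries, the hook table no longer shows that these two routes are restricted at all. The restriction now exists only as the guard this commit adds at the top of the `xnet_payment` handler in the second hunk. A one-line comment above the two entries would keep that visible to the next reader of the table, for example `// access: group members or registered event participants, checked inside the xnet_payment handler`. The array literal starts and continues outside the hunk.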
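Review bot: In the join condition `ON (ep.eid = e.eid AND uid = {?})` the `uid` column is unqualified, so which table it binds to depends on the schema of both tables, which is not visible here; because this query is now the access decision for non-members, write it as `ep.uid = {?}`. The guard fails closed (a missing `$pid` or an empty result returns `PL_FORBIDDEN`) and all three values are bound through `{?}` placeholders, which is the right shape for it. A comment above the block such as `// non-members may only reach a payment attached to an event of this group they are registered for` would record why the hook-level `'groupmember'` flag was dropped. Members skip the query entirely, so for them `$pid` is not tied to the group in these lines; whether `handler_payment` enforces that is not shown. The function body starts and continues outside the hunk.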