From c68a9e6350b9efa9c2c4a56c065778a2b4efb711 Mon Sep 17 00:00:00 2001
From: Anne Limoges <anne.limoges_git@polytechnique.org>
Date: Mon, 18 Feb 2013 09:06:42 +0100
Subject: [PATCH] Change permissions on payment page.

---
 modules/payment.php        | 31 +++++++++++++++++--------------
 templates/payment/xnet.tpl |  2 +-
 2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/modules/payment.php b/modules/payment.php
index 86d538b..e7afcf0 100644
--- a/modules/payment.php
+++ b/modules/payment.php
@@ -428,22 +428,25 @@ class PaymentModule extends PLModule
         global $globals;
 
         $perms = S::v('perms');
-        if (!(S::identified() && $perms->hasFlag('groupmember'))) {
-            if (is_null($pid)) {
+        if (is_null($pid)) {
+            if (!(S::identified() && $perms->hasFlag('groupadmin'))) {
                 return PL_FORBIDDEN;
             }
-            $res = XDB::query("SELECT  1
-                                 FROM  group_events AS e
-                           INNER JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
-                                WHERE  e.paiement_id = {?} AND e.asso_id = {?}",
-                              S::i('uid'), $pid, $globals->asso('id'));
-            $public = XDB::query("SELECT  1
-                                    FROM  payments     AS p
-                              INNER JOIN  group_events AS g ON (g.paiement_id = p.id)
-                                   WHERE  g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
-                                 $globals->asso('id'), $pid);
-            if ($res->numRows() == 0 && $public->numRows() == 0) {
-                return PL_FORBIDDEN;
+        } else {
+            if (!(S::identified() && $perms->hasFlag('groupmember'))) {
+                $res = XDB::query("SELECT  1
+                                     FROM  group_events AS e
+                               INNER JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
+                                    WHERE  e.paiement_id = {?} AND e.asso_id = {?}",
+                                  S::i('uid'), $pid, $globals->asso('id'));
+                $public = XDB::query("SELECT  1
+                                        FROM  payments     AS p
+                                  INNER JOIN  group_events AS g ON (g.paiement_id = p.id)
+                                       WHERE  g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
+                                     $globals->asso('id'), $pid);
+                if ($res->numRows() == 0 && $public->numRows() == 0) {
+                    return PL_FORBIDDEN;
+                }
             }
         }
 
diff --git a/templates/payment/xnet.tpl b/templates/payment/xnet.tpl
index 171a5c5..2b51550 100644
--- a/templates/payment/xnet.tpl
+++ b/templates/payment/xnet.tpl
@@ -44,7 +44,7 @@ il suffit de cliquer sur le titre de la colonne concernÃ©e.
 {foreach from=$titles item=p}
 
 <fieldset>
-<legend id="legend_{$p.id}"><a href="{$platal->ns}payment/{$p.id}">{icon name=money title="TÃ©lÃ©paiement"}{$p.text}</a></legend>
+<legend id="legend_{$p.id}">{icon name=money title="TÃ©lÃ©paiement"}{$p.text}</legend>
 
 {if $event[$p.id]}
 {assign var='ev' value=$event[$p.id]}
-- 
2.1.4

