From 406089ef0c19a4849b20be460df485f42e41e5e6 Mon Sep 17 00:00:00 2001
From: atm-greg <gregory.blemand@atm-consulting.fr>
Date: Tue, 26 Oct 2021 16:47:16 +0200
Subject: [PATCH 1/3] FIX restrictedArea for payment delete

---
 htdocs/core/lib/security.lib.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index da5d9388bd8..03f49188a07 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -493,7 +493,11 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 				if (!$user->rights->fournisseur->facture->creer) {
 					$deleteok = 0;
 				}
-			} elseif ($feature == 'banque') {
+			} elseif ($feature == 'payment') {
+                        	if (!$user->rights->facture->supprimer) {
+                                	$deleteok = 0;
+                        	}
+                	}elseif ($feature == 'banque') {
 				if (!$user->rights->banque->modifier) {
 					$deleteok = 0;
 				}

From 6fd08bc5efb1f12209a49abf24dcd35e0779bbed Mon Sep 17 00:00:00 2001
From: stickler-ci <support@stickler-ci.com>
Date: Tue, 26 Oct 2021 14:56:56 +0000
Subject: [PATCH 2/3] Fixing style errors.

---
 htdocs/core/lib/security.lib.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 03f49188a07..852a87baa0b 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -494,10 +494,10 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 					$deleteok = 0;
 				}
 			} elseif ($feature == 'payment') {
-                        	if (!$user->rights->facture->supprimer) {
-                                	$deleteok = 0;
-                        	}
-                	}elseif ($feature == 'banque') {
+				if (!$user->rights->facture->supprimer) {
+						$deleteok = 0;
+				}
+			} elseif ($feature == 'banque') {
 				if (!$user->rights->banque->modifier) {
 					$deleteok = 0;
 				}

From 682ad989186f864ca2c0c3a2c51acefcb382e629 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 31 Oct 2021 17:06:37 +0100
Subject: [PATCH 3/3] Update security.lib.php

---
 htdocs/core/lib/security.lib.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 852a87baa0b..475649701ae 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -489,12 +489,12 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 				if (!$user->rights->fournisseur->commande->supprimer) {
 					$deleteok = 0;
 				}
-			} elseif ($feature == 'payment_supplier') {
+			} elseif ($feature == 'payment_supplier') {	// Permission to delete a payment of an invoice is permission to edit an invoice.
 				if (!$user->rights->fournisseur->facture->creer) {
 					$deleteok = 0;
 				}
-			} elseif ($feature == 'payment') {
-				if (!$user->rights->facture->supprimer) {
+			} elseif ($feature == 'payment') {	// Permission to delete a payment of an invoice is permission to edit an invoice.
+				if (!$user->rights->facture->creer) {
 						$deleteok = 0;
 				}
 			} elseif ($feature == 'banque') {