FIX deletion of direct debit or credit transfer

htdocs/compta/prelevement/card.php

@@ -67,6 +67,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
 $hookmanager->initHooks(array('directdebitprevcard', 'globalcard', 'directdebitprevlist'));
 
 $type = $object->type;
+
 if ($type == 'bank-transfer') {
 	$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
 } else {
@@ -86,9 +87,10 @@ if ($reshook < 0) {
 
 if (empty($reshook)) {
 	if ($action == 'confirm_delete') {
+		$savtype = $object->type;
 		$res = $object->delete($user);
 		if ($res > 0) {
-			if ($object->type == 'bank-transfer') {
+			if ($savtype == 'bank-transfer') {
 				header("Location: ".DOL_URL_ROOT.'/compta/paymentbybanktransfer/index.php');
 			} else {
 				header("Location: ".DOL_URL_ROOT.'/compta/prelevement/index.php');

htdocs/core/lib/security.lib.php

@@ -566,6 +566,14 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 				if (empty($user->rights->adherent->supprimer)) {
 					$deleteok = 0;
 				}
+			} elseif ($feature == 'paymentbybanktransfer') {
+				if (empty($user->rights->paymentbybanktransfer->create)) {	// There is no delete permission
+					$deleteok = 0;
+				}
+			} elseif ($feature == 'prelevement') {
+				if (empty($user->rights->prelevement->bons->creer)) {		// There is no delete permission
+					$deleteok = 0;
+				}
 			} elseif (!empty($feature2)) {							// This is for permissions on 2 levels
 				foreach ($feature2 as $subfeature) {
 					if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {