From 6b9636c3b8e1cc9ad1699f167a507b4897e12688 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 9 Dec 2021 12:54:08 +0100
Subject: [PATCH] FIX deletion of direct debit or credit transfer

---
 htdocs/compta/prelevement/card.php | 4 +++-
 htdocs/core/lib/security.lib.php   | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php
index a2de75123a0..d35061363a4 100644
--- a/htdocs/compta/prelevement/card.php
+++ b/htdocs/compta/prelevement/card.php
@@ -67,6 +67,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
 $hookmanager->initHooks(array('directdebitprevcard', 'globalcard', 'directdebitprevlist'));
 
 $type = $object->type;
+
 if ($type == 'bank-transfer') {
 	$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
 } else {
@@ -86,9 +87,10 @@ if ($reshook < 0) {
 
 if (empty($reshook)) {
 	if ($action == 'confirm_delete') {
+		$savtype = $object->type;
 		$res = $object->delete($user);
 		if ($res > 0) {
-			if ($object->type == 'bank-transfer') {
+			if ($savtype == 'bank-transfer') {
 				header("Location: ".DOL_URL_ROOT.'/compta/paymentbybanktransfer/index.php');
 			} else {
 				header("Location: ".DOL_URL_ROOT.'/compta/prelevement/index.php');
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 58d69842f66..80150a5c53e 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -566,6 +566,14 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 				if (empty($user->rights->adherent->supprimer)) {
 					$deleteok = 0;
 				}
+			} elseif ($feature == 'paymentbybanktransfer') {
+				if (empty($user->rights->paymentbybanktransfer->create)) {	// There is no delete permission
+					$deleteok = 0;
+				}
+			} elseif ($feature == 'prelevement') {
+				if (empty($user->rights->prelevement->bons->creer)) {		// There is no delete permission
+					$deleteok = 0;
+				}
 			} elseif (!empty($feature2)) {							// This is for permissions on 2 levels
 				foreach ($feature2 as $subfeature) {
 					if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) {