From 958c149d8548d87e3dcaddb9a62934460e2686fd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 1 Feb 2023 03:39:40 +0100 Subject: [PATCH] Fix permission to delete a website --- htdocs/website/index.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/htdocs/website/index.php b/htdocs/website/index.php index d7e01018550..3aa1b622f6e 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -345,7 +345,7 @@ if ($mode == 'replacesite') { $usercanedit = $user->rights->website->write; $permissiontoadd = $user->rights->website->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles -$permissiontodelete = $user->rights->website->delete; +$permissiontodelete = $user->hasRight('website', 'delete'); /* @@ -2934,14 +2934,20 @@ if (!GETPOST('hide_websitemenu')) { print ''; // Delete website - if ($website->status == $website::STATUS_VALIDATED) { + if (!$permissiontodelete) { $disabled = ' disabled="disabled"'; - $title = $langs->trans("WebsiteMustBeDisabled", $langs->transnoentitiesnoconv($website->LibStatut(0, 0))); + $title = $langs->trans("NotEnoughPermissions"); $url = '#'; } else { - $disabled = ''; - $title = $langs->trans("Delete"); - $url = $_SERVER["PHP_SELF"].'?action=deletesite&token='.newToken().'&website='.urlencode($website->ref); + if ($website->status == $website::STATUS_VALIDATED) { + $disabled = ' disabled="disabled"'; + $title = $langs->trans("WebsiteMustBeDisabled", $langs->transnoentitiesnoconv($website->LibStatut(0, 0))); + $url = '#'; + } else { + $disabled = ''; + $title = $langs->trans("Delete"); + $url = $_SERVER["PHP_SELF"].'?action=deletesite&token='.newToken().'&website='.urlencode($website->ref); + } } print ''.img_picto('', 'delete', 'class=""').''.$langs->trans("Delete").'';