From b699133357510a8cc20e5c296a570a0f8c1dc9f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Sun, 5 Jan 2014 06:50:56 +0100
Subject: [PATCH] Restricting deletion of polls in poll list

---
 htdocs/opensurvey/list.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php
index 8450b82ea3e..de53147a66e 100644
--- a/htdocs/opensurvey/list.php
+++ b/htdocs/opensurvey/list.php
@@ -48,6 +48,9 @@ $offset = $limit * $page;
 
 if ($action == 'delete_confirm')
 {
+	// Security check
+	if (!$user->rights->opensurvey->write) accessforbidden();
+	
 	require_once DOL_DOCUMENT_ROOT.'/opensurvey/class/opensurveysondage.class.php';
 	
 	$db->begin();
@@ -131,7 +134,13 @@ while ($i < min($num,$limit))
 	print '</td>';
 
 	print'<td align="center">'.$nbuser.'</td>'."\n";
-	print '<td align="right"><a href="'.$_SERVER["PHP_SELF"].'?id='.$obj->id_sondage.'&action=delete">'.img_picto('', 'delete.png').'</a></td>'."\n";
+	print '<td align="right">';
+	
+	if ($user->rights->opensurvey->write) {
+		print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$obj->id_sondage.'&action=delete">'.img_picto('', 'delete.png').'</a>';
+	}
+	
+	print '</td>'."\n";
 
 	print '</tr>'."\n";
 	$i++;