Don't allow user with ACL 'View Event Participants' to change fee selections

author Matthew Wire <devel@mrwire.co.uk>

Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)

committer Matthew Wire <devel@mrwire.co.uk>

Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)
author Matthew Wire <devel@mrwire.co.uk>
Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)
committer Matthew Wire <devel@mrwire.co.uk>
Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)
diff --git a/templates/CRM/Event/Form/ParticipantView.tpl b/templates/CRM/Event/Form/ParticipantView.tpl

index 53acc4cd6d4cb5308cfb76288692d35e6fe1901a..2d768f6dab328e216db2ca2b9cc50d261f4b2b24 100644 (file)
--- a/templates/CRM/Event/Form/ParticipantView.tpl
+++ b/templates/CRM/Event/Form/ParticipantView.tpl
@@ -109,8 +109,10 @@
              {if $lineItem}
                  <td class="label">{ts}Selections{/ts}</td>
                  <td>{include file="CRM/Price/Page/LineItem.tpl" context="Event"}
-                {if $hasPayment or $parentHasPayment}
-                   <a class="action-item crm-hover-button" href='{crmURL p="civicrm/event/participant/feeselection" q="reset=1&id=`$participantId`&cid=`$contactId`&action=update"}'><span class="icon ui-icon-pencil"></span> {ts}Change Selections{/ts}</a>
+                {if call_user_func(array('CRM_Core_Permission','check'), 'edit event participants')}
+                    {if $hasPayment or $parentHasPayment}
+                        <a class="action-item crm-hover-button" href='{crmURL p="civicrm/event/participant/feeselection" q="reset=1&id=`$participantId`&cid=`$contactId`&action=update"}'><span class="icon ui-icon-pencil"></span> {ts}Change Selections{/ts}</a>
+                    {/if}
                  {/if}
                  </td>
              {else}
author	Matthew Wire <devel@mrwire.co.uk>
	Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)
committer	Matthew Wire <devel@mrwire.co.uk>
	Tue, 29 Sep 2015 22:10:12 +0000 (23:10 +0100)