From 36c646e33576b7ed5b0fa36a3441d79745e586a1 Mon Sep 17 00:00:00 2001
From: Frank Schubert <fronk@fronk.at>
Date: Tue, 18 Nov 2025 14:37:37 +0100
Subject: [PATCH] Disabled deleting Preorders for non-admins

---
 Layout/default/Preorder/Index.php           | 2 ++
 application/Preorder/PreorderController.php | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/Layout/default/Preorder/Index.php b/Layout/default/Preorder/Index.php
index 7660a9dc1..d97168da2 100644
--- a/Layout/default/Preorder/Index.php
+++ b/Layout/default/Preorder/Index.php
@@ -1075,6 +1075,8 @@ $pagination_entity_name = "Vorbestellungen";
                                             <?php if(!$me->is(["preorderfront"]) && !$me->is("preorderreadonly")): ?>
                                                 <a href="#" data-home-id="<?=$preorder->adb_wohneinheit_id?>" data-home-contact title="Kontakte bearbeiten"><i class="fas fa-users-cog text-primary"></i></a>
                                                 <a href="<?=self::getUrl("Preorder", "edit", ["id" => $preorder->id])?>"><i class="far fa-edit"  title="Vorbestellung Bearbeiten"></i></a>
+                                            <?php endif; ?>
+                                            <?php if($me->isAdmin()): ?>
                                                 <a href="<?=self::getUrl("Preorder", "delete", ["id" => $preorder->id, "filter" => $filter])?>" class="text-danger" onclick="if(!confirm('Vorbestellung wirklich löschen?')) return false;" title="Vorbestellung Löschen"><i class="fas fa-trash"></i></a>
                                             <?php endif; ?>
                                         </div>
diff --git a/application/Preorder/PreorderController.php b/application/Preorder/PreorderController.php
index 087affdc5..6e6e16c80 100644
--- a/application/Preorder/PreorderController.php
+++ b/application/Preorder/PreorderController.php
@@ -791,6 +791,10 @@ class PreorderController extends mfBaseController {
             $qs = http_build_query($qs);
         }
 
+        if(!$this->me->isAdmin()) {
+            $this->redirect("Preorder", "Index", $qs);
+        }
+
         $id = $this->request->id;
         if(!is_numeric($id) || $id < 1) {
             $this->layout()->setFlash("Vorbestellung nicht gefunden!", "error");