AASA#41346 verwijderen bezetting controleert verkeerd op autorisaties.

svn path=/Website/branches/v2017.1/; revision=34683

APPL/ALG/alg_delete.asp

@@ -35,6 +35,7 @@ var autfunction = {D : "WEB_ALGMAN",
                    PW: "WEB_PRSBOF"}[level];
 
 var authParams = user.checkAutorisation(autfunction);
+
 var authparamsAlg = alg.checkAutorisation();
 
 var tobedeleted = 0;
@@ -72,7 +73,13 @@ for (var i = 0; i < dis_key_arr.length; i++)
                canDelete = alg.canWriteRuimte(oRs("alg_ruimte_key").Value, authparamsAlg.mALGwritelevel);
                oRs.Close()
                break;
-    case "PW": canDelete = authparamsAlg.ALGwritelevel < 9;
+    case "PW": var sql = "SELECT alg_ruimte_key"
+                       + "  FROM prs_v_werkplek_gegevens w, prs_perslidwerkplek pw"
+                       + " WHERE pw.prs_werkplek_key = w.prs_werkplek_key"
+                       + "   AND prs_perslidwerkplek_key = " + dis_key_arr[i];
+               oRs = Oracle.Execute(sql);
+               canDelete = alg.func_enabled_ruimte(oRs("alg_ruimte_key").Value).canPRSBOFwrite;
+               oRs.Close()
                break;
   }