From a12d8b6815e37a6e1247484b6d89aecbf6a2fd90 Mon Sep 17 00:00:00 2001
From: Matthew Wilson <matt@plainblack.com>
Date: Thu, 27 Apr 2006 13:49:37 +0000
Subject: [PATCH] visitors shouldn't be allowed to view their purchases

---
 lib/WebGUI/Asset/Wobject/EventManagementSystem.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
index 27a259624..6befc13f2 100644
--- a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
+++ b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
@@ -1951,6 +1951,7 @@ Method to display list of purchases.  Event admins can see everyone's purchases.
 
 sub www_managePurchases {
 	my $self = shift;
+	return $self->session->privilege->insufficient if $self->session->var->get('userId') eq '1';
 	my %var = $self->get();
 	my $isAdmin = $self->canAddEvents;