[Koha-patches] [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role
Owen Leonard
oleonard at myacpl.org
Mon Mar 28 20:10:25 CEST 2011
Also removing some YAHOO.widget.Button declarations which
are redundant.
---
.../prog/en/includes/circ-toolbar.inc | 27 +++-----------------
.../prog/en/includes/members-toolbar.inc | 8 +----
2 files changed, 6 insertions(+), 29 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index e14590d..ce354b1 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -63,12 +63,8 @@ function update_child() {
var moremenu = [
{ text: _("Renew Patron"), onclick: { fn: confirm_reregistration } },
- { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->"
- <!-- TMPL_IF NAME="CAN_user_permissions" --><!-- TMPL_IF NAME="StaffMember" -->
- <!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->, disabled: true<!-- /TMPL_UNLESS-->
- <!-- TMPL_ELSE --><!-- /TMPL_IF -->
- <!-- TMPL_ELSE -->, disabled: true<!-- /TMPL_IF-->},
- { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- TMPL_ELSE --><!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
+ { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->"<!-- TMPL_UNLESS NAME="CAN_user_permissions" -->, disabled: true<!-- /TMPL_UNLESS -->},
+ { text: _("Delete"), <!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --> onclick: { fn: confirm_deletion } },
{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }<!-- TMPL_UNLESS NAME="is_child" -->, disabled: true<!-- /TMPL_UNLESS -->}
];
@@ -97,22 +93,9 @@ function update_child() {
<!-- TMPL_IF name="adultborrower" -->new YAHOO.widget.Button("addchild");<!-- /TMPL_IF -->
new YAHOO.widget.Button("editpatron");
new YAHOO.widget.Button("addnote");
- <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword"); <!-- /TMPL_IF-->
- <!-- TMPL_ELSE--> new YAHOO.widget.Button("changepassword"); <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword"); <!-- /TMPL_IF-->
new YAHOO.widget.Button("printslip");
new YAHOO.widget.Button("printpage");
- new YAHOO.widget.Button("renewpatron");
- <!-- TMPL_IF NAME="CAN_user_permissions" -->
- <!-- TMPL_IF NAME="StaffMember" -->
- <!-- TMPL_IF NAME="CAN_user_staffaccess" -->
- new YAHOO.widget.Button("patronflags");
- <!-- /TMPL_IF -->
- <!-- TMPL_ELSE-->
- new YAHOO.widget.Button("patronflags");
- <!-- /TMPL_IF -->
- <!-- /TMPL_IF -->
- <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->new YAHOO.widget.Button("deletepatron");<!-- /TMPL_UNLESS -->
- <!-- TMPL_ELSE -->new YAHOO.widget.Button("deletepatron");<!-- /TMPL_IF -->
}
//]]>
@@ -135,9 +118,7 @@ function update_child() {
<!-- /TMPL_IF -->
<!-- TMPL_IF NAME="CAN_user_borrowers" -->
<!-- TMPL_IF name="adultborrower" --><li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=<!-- TMPL_VAR NAME="borrowernumber" -->&category_type=C">Add child</a></li><!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_IF NAME="CAN_user_staffaccess" --> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF-->
- <!-- TMPL_ELSE--> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF -->
- <!-- /TMPL_IF -->
+ <!-- TMPL_IF NAME="CAN_user_staffaccess" --> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF-->
<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&print=page">Print Page</a></li>
<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&print=slip">Print Slip</a></li>
<li id="searchtoholdc"><a id="searchtohold" href="#">Search to hold</a></li>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
index c079cb9..2b41820 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
@@ -91,14 +91,10 @@ function update_child() {
<!-- TMPL_IF name="adultborrower" -->new YAHOO.widget.Button("addchild");<!-- /TMPL_IF -->
new YAHOO.widget.Button("editpatron");
new YAHOO.widget.Button("addnote");
- new YAHOO.widget.Button("changepassword");
+ <!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword"); <!-- /TMPL_IF-->
new YAHOO.widget.Button("duplicate");
new YAHOO.widget.Button("printslip");
new YAHOO.widget.Button("printpage");
- new YAHOO.widget.Button("renewpatron");
- new YAHOO.widget.Button("patronflags");
- new YAHOO.widget.Button("deletepatron");
- new YAHOO.widget.Button("updatechild");
}
//]]>
@@ -119,7 +115,7 @@ function update_child() {
<!-- /TMPL_IF -->
<!-- /TMPL_IF -->
<!-- TMPL_IF name="adultborrower" --><li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=<!-- TMPL_VAR NAME="borrowernumber" -->&category_type=C">Add child</a></li><!-- /TMPL_IF -->
- <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li>
+ <!-- TMPL_IF NAME="CAN_user_staffaccess" --><li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF -->
<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&category_type=<!-- TMPL_VAR NAME="category_type"-->">Duplicate</a></li>
<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&print=page">Print Page</a></li>
<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&print=slip">Print Slip</a></li>
--
1.7.3
More information about the Koha-patches
mailing list