[Koha-patches] [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role

Owen Leonard oleonard at myacpl.org
Mon Mar 28 20:10:25 CEST 2011 

Also removing some YAHOO.widget.Button declarations which
are redundant.
---
 .../prog/en/includes/circ-toolbar.inc              |   27 +++-----------------
 .../prog/en/includes/members-toolbar.inc           |    8 +----
 2 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index e14590d..ce354b1 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -63,12 +63,8 @@ function update_child() {
 	
 		var moremenu = [
 			{ text: _("Renew Patron"),  onclick: { fn: confirm_reregistration } },
-            { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->"
-                <!-- TMPL_IF NAME="CAN_user_permissions" --><!-- TMPL_IF NAME="StaffMember" -->
-                    <!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->, disabled: true<!-- /TMPL_UNLESS-->
-                    <!-- TMPL_ELSE --><!-- /TMPL_IF -->
-                <!-- TMPL_ELSE -->, disabled: true<!-- /TMPL_IF-->},
-            { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- TMPL_ELSE --><!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
+			{ text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->"<!-- TMPL_UNLESS NAME="CAN_user_permissions" -->, disabled: true<!-- /TMPL_UNLESS -->},
+            { text: _("Delete"), <!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --> onclick: { fn: confirm_deletion } },
 			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }<!-- TMPL_UNLESS NAME="is_child" -->, disabled: true<!-- /TMPL_UNLESS -->}
 		];
 
@@ -97,22 +93,9 @@ function update_child() {
 	    <!-- TMPL_IF name="adultborrower" -->new YAHOO.widget.Button("addchild");<!-- /TMPL_IF -->
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-        <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword");  <!-- /TMPL_IF-->
-            <!-- TMPL_ELSE--> new YAHOO.widget.Button("changepassword"); <!-- /TMPL_IF -->
+        <!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword");  <!-- /TMPL_IF-->
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-        <!-- TMPL_IF NAME="CAN_user_permissions" -->
-          <!-- TMPL_IF NAME="StaffMember" -->
-            <!-- TMPL_IF NAME="CAN_user_staffaccess" -->
-              new YAHOO.widget.Button("patronflags");
-            <!-- /TMPL_IF -->
-          <!-- TMPL_ELSE-->
-          new YAHOO.widget.Button("patronflags");
-          <!-- /TMPL_IF -->
-        <!-- /TMPL_IF -->
-        <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->new YAHOO.widget.Button("deletepatron");<!-- /TMPL_UNLESS -->
-            <!-- TMPL_ELSE -->new YAHOO.widget.Button("deletepatron");<!-- /TMPL_IF -->
 	}
 
 	//]]>
@@ -135,9 +118,7 @@ function update_child() {
 	<!-- /TMPL_IF -->
 	<!-- TMPL_IF NAME="CAN_user_borrowers" -->
 	<!-- TMPL_IF name="adultborrower" --><li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;category_type=C">Add child</a></li><!-- /TMPL_IF -->
-<!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_IF NAME="CAN_user_staffaccess" --> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF-->
-          <!-- TMPL_ELSE--> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF -->	
-	  <!-- /TMPL_IF -->
+	<!-- TMPL_IF NAME="CAN_user_staffaccess" --> <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF-->
 	<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;print=slip">Print Slip</a></li>
 	<li id="searchtoholdc"><a id="searchtohold" href="#">Search to hold</a></li>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
index c079cb9..2b41820 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
@@ -91,14 +91,10 @@ function update_child() {
 	    <!-- TMPL_IF name="adultborrower" -->new YAHOO.widget.Button("addchild");<!-- /TMPL_IF -->
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-	    new YAHOO.widget.Button("changepassword");
+        <!-- TMPL_IF NAME="CAN_user_staffaccess" --> new YAHOO.widget.Button("changepassword");  <!-- /TMPL_IF-->
 	    new YAHOO.widget.Button("duplicate");
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-		new YAHOO.widget.Button("patronflags");
-		new YAHOO.widget.Button("deletepatron");
-		new YAHOO.widget.Button("updatechild");
 	}
 
 	//]]>
@@ -119,7 +115,7 @@ function update_child() {
             <!-- /TMPL_IF -->
         <!-- /TMPL_IF -->
 	<!-- TMPL_IF name="adultborrower" --><li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;category_type=C">Add child</a></li><!-- /TMPL_IF -->
-	<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li>
+	<!-- TMPL_IF NAME="CAN_user_staffaccess" --><li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=<!-- TMPL_VAR NAME="borrowernumber" -->">Change Password</a></li><!-- /TMPL_IF -->
 	<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&amp;borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;category_type=<!-- TMPL_VAR NAME="category_type"-->">Duplicate</a></li>
     <li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=<!-- TMPL_VAR NAME="borrowernumber" -->&amp;print=slip">Print Slip</a></li>
-- 
1.7.3

More information about the Koha-patches mailing list