[Koha-patches] [PATCH 22/55] MT2582: Fix user deletion without permission
Henri-Damien LAURENT
henridamien.laurent at biblibre.com
Wed Mar 10 22:26:04 CET 2010
From: Matthias Meusburger <matthias.meusburger at biblibre.com>
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent at biblibre.com>
---
.../prog/en/includes/circ-toolbar.inc | 2 +-
members/deletemem.pl | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 4306fce..47815d7 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -64,7 +64,7 @@ function update_child() {
<!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->, disabled: true<!-- /TMPL_UNLESS-->
<!-- TMPL_ELSE --><!-- /TMPL_IF -->
<!-- TMPL_ELSE -->, disabled: true<!-- /TMPL_IF-->},
- { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
+ { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- TMPL_ELSE --><!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }<!-- TMPL_UNLESS NAME="is_child" -->, disabled: true<!-- /TMPL_UNLESS -->}
];
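Review bot: The `disabled: true` added to the Delete entry is only a client-side hint, and nothing on this line says which permission rule it mirrors or where that rule is enforced. The nested `TMPL_IF`/`TMPL_UNLESS`/`TMPL_ELSE` on one line is hard to audit, so I would put a template comment above it such as `<!-- Delete: staff patrons require staffaccess, all other patrons require borrowers; enforced in members/deletemem.pl -->`. Note that in the `StaffMember` branch `CAN_user_borrowers` is not consulted, so the button stays enabled for a user with `staffaccess` but no `borrowers`; if that is intended it is worth stating in the same comment. The toolbar array this entry belongs to starts outside the hunk.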
diff --git a/members/deletemem.pl b/members/deletemem.pl
index eea47b0..fa3cad3 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -49,11 +49,19 @@ my $countissues = scalar(@$issues);
my ($bor)=GetMemberDetails($member,'');
my $flags=$bor->{flags};
my $userenv = C4::Context->userenv;
+
+
+
if ($bor->{category_type} eq "S") {
unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
exit 1;
}
+} else {
+ unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+ print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+ exit 1;
+ }
}
if (C4::Context->preference("IndependantBranches")) {
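Review bot: The staff branch (`$bor->{category_type} eq "S"`) still tests only `staffaccess`, so an account with `staffaccess` but without `borrowers` may delete staff patrons while the new `else` branch refuses it ordinary ones. Unless an auth call earlier in the script (outside this hunk) already requires `borrowers`, I would run `unless (C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1}))` with the `CANT_DELETE` redirect unconditionally before the `if`, and keep `staffaccess` as the additional requirement for staff records. Separately, the new redirect repeats the existing pattern of interpolating `$member` into the URL; where `$member` comes from is not visible here, so if it is taken directly from a request parameter it should first be checked with something like `$member =~ /\A\d+\z/`. The three blank lines added above the `if` can be dropped.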
--
1.6.3.3