[Koha-patches] [PATCH 22/55] MT2582: Fix user deletion without permission

Henri-Damien LAURENT henridamien.laurent at biblibre.com
Wed Mar 10 22:26:04 CET 2010


From: Matthias Meusburger <matthias.meusburger at biblibre.com>

Signed-off-by: Henri-Damien LAURENT <henridamien.laurent at biblibre.com>
---
 .../prog/en/includes/circ-toolbar.inc              |    2 +-
 members/deletemem.pl                               |    8 ++++++++
 2 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 4306fce..47815d7 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -64,7 +64,7 @@ function update_child() {
                     <!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->, disabled: true<!-- /TMPL_UNLESS-->
                     <!-- TMPL_ELSE --><!-- /TMPL_IF -->
                 <!-- TMPL_ELSE -->, disabled: true<!-- /TMPL_IF-->},
-            { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
+            { text: _("Delete"), <!-- TMPL_IF NAME="StaffMember" --><!-- TMPL_UNLESS NAME="CAN_user_staffaccess" -->disabled: true, <!-- /TMPL_UNLESS --><!-- TMPL_ELSE --><!-- TMPL_UNLESS NAME="CAN_user_borrowers" -->disabled: true, <!-- /TMPL_UNLESS --><!-- /TMPL_IF --> onclick: { fn: confirm_deletion } },
 			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }<!-- TMPL_UNLESS NAME="is_child" -->, disabled: true<!-- /TMPL_UNLESS -->}
 		];
 
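Review bot: The staff branch of the Delete entry still tests only `CAN_user_staffaccess`, so the new `CAN_user_borrowers` test applies to non-staff patrons alone and the two branches require different, non-overlapping permissions. The members/deletemem.pl hunk has the same shape, and that is where it decides authorization: unless the page-level permission check outside these hunks already requires `borrowers`, an account holding `staffaccess` without `borrowers` can delete staff patrons. I would test `borrowers` for every patron and `staffaccess` in addition for staff, in the script by moving `unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) { ... }` in front of `if ($bor->{category_type} eq "S")`, with this template condition arranged to match. The `disabled: true` flag here only greys out the button, so the script check is the one that must be complete.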
diff --git a/members/deletemem.pl b/members/deletemem.pl
index eea47b0..fa3cad3 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -49,11 +49,19 @@ my $countissues = scalar(@$issues);
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
 my $userenv = C4::Context->userenv;
+
+ 
+
 if ($bor->{category_type} eq "S") {
     unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
         exit 1;
     }
+} else {
+    unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+	print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+	exit 1;
+    }
 }
 
 if (C4::Context->preference("IndependantBranches")) {
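Review bot: The added `else` branch copies the staff branch's redirect and interpolates `$member` into the Location URL unescaped. Where `$member` is assigned is outside the hunk, but if it is the raw request parameter, anything that does not match `/\A\d+\z/` should be rejected before `GetMemberDetails` is called and before either redirect is built. The error code `CANT_DELETE` is new in this hunk and the diffstat lists no change to the moremember template, so unless that template already handles it the refused user is sent back with no explanation. The two added body lines are indented with tabs while the surrounding block uses spaces, and the three blank lines added after the `$userenv` assignment (one carries a trailing space) can be dropped. The script continues past the end of the hunk.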
-- 
1.6.3.3



