[Koha-patches] [PATCH] Bug 6824 - correctly check basket viewing permissions
Robin Sheat
robin at catalyst.net.nz
Wed Aug 31 05:28:48 CEST 2011
Previously you couldn't view baskets that you hadn't created, unless you
were superlibrarian due to a bug. Now people with the right permissions
can see the baskets.
Applies to both 3.04.04 and master.
---
acqui/basket.pl | 2 +-
acqui/booksellers.pl | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/acqui/basket.pl b/acqui/basket.pl
index 303684c..988bd67 100755
--- a/acqui/basket.pl
+++ b/acqui/basket.pl
@@ -197,7 +197,7 @@ if ( $op eq 'delete_confirm' ) {
#if the basket is closed,and the user has the permission to edit basketgroups, display a list of basketgroups
my $basketgroups;
my $member = GetMember(borrowernumber => $loggedinuser);
- if ($basket->{closedate} && haspermission({ flagsrequired => { acquisition => 'group_manage'} })) {
+ if ($basket->{closedate} && haspermission({ acquisition => 'group_manage'} )) {
$basketgroups = GetBasketgroups($basket->{booksellerid});
for my $bg ( @{$basketgroups} ) {
if ($basket->{basketgroupid} && $basket->{basketgroupid} == $bg->{id}){
diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl
index cc5c084..fb6b2f1 100755
--- a/acqui/booksellers.pl
+++ b/acqui/booksellers.pl
@@ -106,7 +106,7 @@ for my $vendor (@suppliers) {
if (( $basket->{authorisedby}
&& $basket->{authorisedby} eq $loggedinuser
)
- || haspermission( $uid, { flagsrequired => { acquisition => q{*} } } )
+ || haspermission( $uid, { acquisition => q{*} } )
) {
for my $date_field (qw( creationdate closedate)) {
if ( $basket->{$date_field} ) {
--
1.7.4.1
More information about the Koha-patches
mailing list