[Koha-patches] [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role

Chris Cormack chrisc at catalyst.net.nz
Fri Jul 8 04:57:41 CEST 2011


From: Owen Leonard <oleonard at myacpl.org>

Also removing some YAHOO.widget.Button declarations which
are redundant.
---
 .../prog/en/includes/circ-toolbar.inc              |   30 +++----------------
 .../prog/en/includes/members-toolbar.inc           |    8 +----
 2 files changed, 7 insertions(+), 31 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 503f954..972393d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -63,13 +63,9 @@ function update_child() {
 	
 		var moremenu = [
 			{ text: _("Renew Patron"),  onclick: { fn: confirm_reregistration } },
-            { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"
-                [% IF ( CAN_user_permissions ) %][% IF ( StaffMember ) %]
-                    [% UNLESS ( CAN_user_staffaccess ) %], disabled: true[% END %]
-                    [% ELSE %][% END %]
-                [% ELSE %], disabled: true[% END %]},
-            { text: _("Delete"), [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]disabled: true, [% END %][% ELSE %][% UNLESS ( CAN_user_borrowers ) %]disabled: true, [% END %][% END %] onclick: { fn: confirm_deletion } },
-			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS ( is_child ) %], disabled: true[% END %]}
+			{ text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"[% UNLESS CAN_user_permissions %], disabled: true[% END %]},
+            { text: _("Delete"), [% UNLESS CAN_user_borrowers %]disabled: true, [% END %] onclick: { fn: confirm_deletion } },
+			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS is_child" %], disabled: true[% END %]}
 		];
 
 	    new YAHOO.widget.Button({
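Review bot: The added "Update Child to Adult Patron" entry has a stray double quote inside the directive, `[% UNLESS is_child" %]`, which Template Toolkit will most likely reject as a parse error, breaking the whole include. It should read `[% UNLESS is_child %], disabled: true[% END %]`. Separately, the new "Set Permissions" and "Delete" entries no longer take into account whether the patron being edited is a staff member. Since `disabled: true` only greys out a menu item, member-flags.pl and the delete handler (neither shown here) must enforce the staff-access rule themselves. The script block around `moremenu` starts and ends outside this hunk.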
@@ -97,23 +93,9 @@ function update_child() {
 	    [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-        [% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] new YAHOO.widget.Button("changepassword");  [% END %]
-            [% ELSE %] new YAHOO.widget.Button("changepassword"); [% END %]
-	    new YAHOO.widget.Button("duplicate");
+        [% IF CAN_user_staffaccess %] new YAHOO.widget.Button("changepassword");  [% END %]
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-        [% IF ( CAN_user_permissions ) %]
-          [% IF ( StaffMember ) %]
-            [% IF ( CAN_user_staffaccess ) %]
-              new YAHOO.widget.Button("patronflags");
-            [% END %]
-          [% ELSE %]
-          new YAHOO.widget.Button("patronflags");
-          [% END %]
-        [% END %]
-        [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]new YAHOO.widget.Button("deletepatron");[% END %]
-            [% ELSE %]new YAHOO.widget.Button("deletepatron");[% END %]
 	}
 
 	//]]>
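Review bot: `new YAHOO.widget.Button("duplicate");` is removed here, yet the `<a id="duplicate">` link is still in this file's markup and members-toolbar.inc keeps the same declaration, so this one does not look redundant. Keep `new YAHOO.widget.Button("duplicate");` unless the button is created somewhere outside the hunk. The new `[% IF CAN_user_staffaccess %]` guard on "changepassword" also applies to every patron, whereas the old code required that permission only when the patron was a staff member. If that tightening is intended, say so in the commit message; otherwise staff with only the borrowers permission lose password resets for ordinary patrons.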
@@ -136,9 +118,7 @@ function update_child() {
 	[% END %]
 	[% IF ( CAN_user_borrowers ) %]
 	[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=[% borrowernumber %]&amp;category_type=C">Add child</a></li>[% END %]
-[% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
-          [% ELSE %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]	
-	  [% END %]
+	[% CAN_user_staffaccess %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
 	<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&amp;borrowernumber=[% borrowernumber %]&amp;category_type=[% category_type %]">Duplicate</a></li>
 	<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=slip">Print Slip</a></li>
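Review bot: The added Change Password line opens with `[% CAN_user_staffaccess %]`, which has no `IF`, so it prints the flag's value instead of testing it. Its trailing `[% END %]` then closes an outer block, presumably the `[% IF ( CAN_user_borrowers ) %]` above. The link is therefore rendered without the staff-access check, the opposite of what the patch intends. Use `[% IF CAN_user_staffaccess %]<li>…</li>[% END %]`, and re-check the END balance, because the removed lines ended with a separate `[% END %]` that appears to have closed that outer IF. Hiding the link is presentation only, so member-password.pl should reject the request itself when the permission is missing.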
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
index afad863..bc3e920 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
@@ -91,14 +91,10 @@ function update_child() {
 	    [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-	    new YAHOO.widget.Button("changepassword");
+            [% IF CAN_user_staffaccess %]new YAHOO.widget.Button("changepassword");  [% END %]
 	    new YAHOO.widget.Button("duplicate");
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-		new YAHOO.widget.Button("patronflags");
-		new YAHOO.widget.Button("deletepatron");
-		new YAHOO.widget.Button("updatechild");
 	}
 
 	//]]>
@@ -119,7 +115,7 @@ function update_child() {
             [% END %]
         [% END %]
 	[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=[% borrowernumber %]&amp;category_type=C">Add child</a></li>[% END %]
-	<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>
+	[% IF CAN_user_staffaccess %]<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li> [% END %]
 	<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&amp;borrowernumber=[% borrowernumber %]&amp;category_type=[% category_type %]">Duplicate</a></li>
     <li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=slip">Print Slip</a></li>
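Review bot: The `[% IF CAN_user_staffaccess %]` guard around the Change Password link only hides the link; the URL `/cgi-bin/koha/members/member-password.pl?member=…` stays reachable by anyone who types it. The script is not part of this patch, so please confirm it performs the same permission check server-side before accepting a password change. A short template comment above the guard, such as `[%# UI hint only; member-password.pl enforces staffaccess %]`, would keep later editors from treating the template as the access control.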
-- 
1.7.4.1


