Add Staff member type. Add permissions checks for bug# 1269

and related permissions on memberentry and mods. Signed-off-by: Joshua Ferraro <jmf@liblime.com>
17 years ago · 1a91801b06
9 changed files with 79 additions and 51 deletions
--- a/C4/Members.pm
+++ b/C4/Members.pm
@ -352,6 +352,7 @@ sub GetMemberDetails {
    my $borrower = $sth->fetchrow_hashref;
    my ($amount) = GetMemberAccountRecords( $borrowernumber);
    $borrower->{'amountoutstanding'} = $amount;
+	# FIXME - patronflags calls GetMemberAccountRecords... just have patronflags return $amount
    my $flags = patronflags( $borrower);
    my $accessflagshash;

@ -409,7 +410,7 @@ sub GetMemberDetails {
        {itemlist}    ref-to-array: list of available items

 =cut
-
+# FIXME rename this function.
 sub patronflags {
    my %flags;
    my ( $patroninformation) = @_;
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl
@ -123,7 +123,8 @@
 	<li><label for="category_type">Category type: </label> &nbsp; <select name="category_type" id="category_type">
 						<!-- TMPL_IF NAME="type_n" --><option value="" selected="selected">Select a Category type</option><!-- TMPL_ELSE --><option value="">Select a Category type</option><!-- /TMPL_IF -->
 					<!-- TMPL_IF NAME="type_A" --><option value="A" selected="selected">Adult</option><!-- TMPL_ELSE --><option value="A">Adult</option><!-- /TMPL_IF -->
-					<!-- TMPL_IF NAME="type_C" --><option value="C" selected="selected">Children</option><!-- TMPL_ELSE --><option value="C">Children</option><!-- /TMPL_IF -->
+					<!-- TMPL_IF NAME="type_C" --><option value="C" selected="selected">Child</option><!-- TMPL_ELSE --><option value="C">Child</option><!-- /TMPL_IF -->
+					<!-- TMPL_IF NAME="type_S" --><option value="S" selected="selected">Staff</option><!-- TMPL_ELSE --><option value="S">Staff</option><!-- /TMPL_IF -->
 					<!-- TMPL_IF NAME="type_I" --><option value="I" selected="selected">Organisation</option><!-- TMPL_ELSE --><option value="I">Organisation</option><!-- /TMPL_IF -->
 					<!-- TMPL_IF NAME="type_P" --><option value="P" selected="selected">Professional</option><!-- TMPL_ELSE --><option value="P">Professional</option><!-- /TMPL_IF -->
 					</select>
@ -230,6 +231,7 @@ Confirm Deletion of Category <!-- TMPL_VAR NAME="categorycode" --><!-- /TMPL_IF
                            <!-- TMPL_IF NAME="type_C" -->Child<!-- /TMPL_IF -->
                            <!-- TMPL_IF NAME="type_P" -->Prof.<!-- /TMPL_IF -->
                            <!-- TMPL_IF NAME="type_I" -->Org.<!-- /TMPL_IF -->
+                            <!-- TMPL_IF NAME="type_S" -->Staff<!-- /TMPL_IF -->
                        </td>
                        <td><!-- TMPL_VAR NAME="enrolmentperiod" --> months</td>
                        <td><!-- TMPL_VAR NAME="dateofbirthrequired" --> years</td>
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl
@ -23,8 +23,16 @@
 <form method="post" action="/cgi-bin/koha/members/member-password.pl">
 <input type="hidden" name="destination" value="<!-- TMPL_VAR NAME="destination" -->">	
 <input type="hidden" name="cardnumber" value="<!-- TMPL_VAR NAME="cardnumber" -->">	
-	<!-- TMPL_IF NAME="warn" -->
+	<!-- TMPL_IF NAME="errormsg" -->
+		<!-- TMPL_IF NAME="BADUSERID" -->
 		<p class="warning">You have entered a User ID that already exists.  Please choose another one.</p>
+		<!-- /TMPL_IF -->
+		<!-- TMPL_IF NAME="SHORTPASSWORD" -->
+		<p class="warning">The Password entered is too short.</p>
+		<!-- /TMPL_IF -->
+		<!-- TMPL_IF NAME="NOPERMISSION" -->
+		<p class="warning">You do not have permission to edit this member's login information.</p>
+		<!-- /TMPL_IF -->
 	<!-- /TMPL_IF -->


@ -33,7 +41,8 @@
 	<li><label for="newuserid">New Username:</label>
 	<input type="hidden" name="member" value="<!-- TMPL_VAR NAME="member" -->" /><input id="newuserid" name="newuserid" size="20" value="<!-- TMPL_VAR NAME="userid" -->" /></li>
 	<li><label for="newpassword">New Password:</label>
-	<div class="hint">Koha cannot display existing passwords. Below is a randomly generated suggestion</div>
+	<div class="hint">Koha cannot display existing passwords. Below is a randomly generated suggestion.  Leave the field blank to leave password unchanged.</div>
+	<!-- TMPL_IF NAME="minPasswordLength" --><div class="hint">Minimum password length: <!-- TMPL_VAR NAME="minPasswordLength" --></div><!-- /TMPL_IF -->
 	<input name="newpassword"  id="newpassword" type="text" size="20" value="<!-- TMPL_VAR NAME="defaultnewpassword" -->" /></li>
 	</ol>
 	<fieldset class="action"><input type="submit" value="Save" /></fieldset>
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
@ -566,7 +566,7 @@ patron <!-- TMPL_VAR name="firstname" --> <!-- TMPL_VAR NAME="surname" -->
 			<label for="userid">
 			<!-- /TMPL_IF-->
 			OPAC Login: </label>
-			<input type="text" id="userid" name="userid" size="20"  value="<!-- TMPL_VAR NAME="userid" -->" />
+			<input type="text" id="userid" name="userid" size="20" <!-- TMPL_IF NAME="NoUpdateLogin" -->disabled='true'<!-- /TMPL_IF --> value="<!-- TMPL_VAR NAME="userid" -->" />
 	  <!-- TMPL_IF NAME="mandatoryuserid" --><span class="required">Required</span><!-- /TMPL_IF -->
 		</li>
 		<li>
@ -577,12 +577,12 @@ patron <!-- TMPL_VAR name="firstname" --> <!-- TMPL_VAR NAME="surname" -->
 			<!-- /TMPL_IF-->
 			Password: </label>
 			<!--TMPL_IF NAME="opadd"-->
-				<input type="text" id="password" name="password" size="20"  value="<!-- TMPL_VAR NAME="password" -->" />
+				<input type="text" id="password" name="password" size="20"  <!-- TMPL_IF NAME="NoUpdateLogin" -->disabled='true'<!-- /TMPL_IF --> value="<!-- TMPL_VAR NAME="password" -->" />
 			<!--TMPL_ELSE-->
 				<!--TMPL_IF NAME="password"-->
-					<input type="text" id="password" name="password" size="20"  value="****" />
+					<input type="text" id="password" name="password" size="20"  <!-- TMPL_IF NAME="NoUpdateLogin" -->disabled='true'<!-- /TMPL_IF --> value="****" />
 				<!--TMPL_ELSE-->
-					<input type="text" id="password" name="password" size="20"  value="" />
+					<input type="text" id="password" name="password" size="20"  <!-- TMPL_IF NAME="NoUpdateLogin" -->disabled='true'<!-- /TMPL_IF --> value="" />
 				<!--/TMPL_IF-->
 			<!--/TMPL_IF-->
 	  <!-- TMPL_IF NAME="mandatorypassword" --><span class="required">Required</span><!-- /TMPL_IF -->
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
@ -29,12 +29,19 @@ function verify_patron_images() {
 	<div id="yui-main">
 	<div class="yui-b">
 <!-- TMPL_INCLUDE NAME="members-toolbar.inc" -->
-
+<!-- TMPL_IF NAME="error" -->
+<div class="error">
+<!-- TMPL_IF NAME="AUTH_UPDATE_FAILED" -->
+Userid / Password update failed:
+Insufficient user permissions.
+Other fields updated.
+<!-- /TMPL_IF -->
+</div>
+<!-- /TMPL_IF -->
 <div class="yui-g">
 <!-- TMPL_IF NAME="unknowuser" -->
    This patron does not exist.
 <!-- TMPL_ELSE -->
-
 <!-- TMPL_IF NAME="reregistration" --><div class="message">Patron's account has been renewed until <!-- TMPL_VAR NAME="dateexpiry" --></div><!-- /TMPL_IF -->
 <form action="" name="form">
 <input type="hidden" name="reregistration" value="<!-- TMPL_VAR NAME="reregistration"-->" /> 
--- a/members/member-flags.pl
+++ b/members/member-flags.pl
@ -17,23 +17,22 @@ use C4::Output;

 my $input = new CGI;

-my $flagsrequired;
-$flagsrequired->{borrowers}=1;
-$flagsrequired->{permissions}=1;
-
+my $flagsrequired = { permissions => 1 };
+my $member=$input->param('member');
+my $bor = GetMemberDetails( $member,'');
+if(( $bor->{'category_type'} eq 'S' ) || ($bor->{'authflags'}->{'catalogue'} )) {
+	$flagsrequired->{'staffaccess'} = 1;
+}
 my ($template, $loggedinuser, $cookie)
 	= get_template_and_user({template_name => "members/member-flags.tmpl",
 				query => $input,
 				type => "intranet",
 				authnotrequired => 0,
-				flagsrequired => {permissions => 1},
+				flagsrequired => $flagsrequired,
 				debug => 1,
 				});


-
-
-my $member=$input->param('member');
 my %member2;
 $member2{'borrowernumber'}=$member;

@ -51,7 +50,6 @@ if ($input->param('newflags')) {
    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
 } else {
 #     my ($bor,$flags,$accessflags)=GetMemberDetails($member,'');
-    my $bor = GetMemberDetails( $member,'');
    my $flags = $bor->{'flags'};
    my $accessflags = $bor->{'authflags'};
    my $dbh=C4::Context->dbh();
--- a/members/member-password.pl
+++ b/members/member-password.pl
@ -30,43 +30,42 @@ my ($template, $loggedinuser, $cookie)

 my $flagsrequired;
 $flagsrequired->{borrowers}=1;
-my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired);
+
+#my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired);

 my $member=$input->param('member');
 my $cardnumber = $input->param('cardnumber');
 my $destination = $input->param('destination');

-my %member2;
-$member2{'borrowernumber'}=$member;
-# my $issues=GetBorrowerIssues(\%member2);
-# my $i=0;
-# foreach (sort keys %$issues) {
-#     $i++;
-# }
-
+my $errormsg;
 my ($bor,$flags)=GetMemberDetails( $member,'');
+if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' || $bor->{'authflags'}->{'catalogue'}) ) {
+	my $luser = GetMemberDetails($loggedinuser);
+	$errormsg = 'NOPERMISSION' unless($luser->{'authflags'}->{'staffaccess'} );
+}
 my $newpassword = $input->param('newpassword');
+my $minpw = C4::Context->preference('minPasswordLength');
+$errormsg = 'SHORTPASSWORD' if( $newpassword && $minpw & (length($newpassword) < $minpw ) );

-if ( $newpassword ) {
+if ( $newpassword  && ! $errormsg ) {
    my $digest=md5_base64($input->param('newpassword'));
    my $uid = $input->param('newuserid');
    my $dbh=C4::Context->dbh;
-    warn $destination;
    if (changepassword($uid,$member,$digest)) {
-	$template->param(newpassword => $newpassword);
-	if ($destination eq 'circ') {
-	    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber");		
-	} 
-	else {
-	    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
-	}
-    } 
-    else {
-        $template->param(othernames => $bor->{'othernames'},
+		$template->param(newpassword => $newpassword);
+		if ($destination eq 'circ') {
+		    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber");		
+		} else {
+		    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
+		}
+    } else {
+			$errormsg = 'BADUSERID';
+    	    $template->param(othernames => $bor->{'othernames'},
 						surname     => $bor->{'surname'},
 						firstname   => $bor->{'firstname'},
 						userid      => $bor->{'userid'},
-						defaultnewpassword => $newpassword );
+						defaultnewpassword => $newpassword 
+						);
    }
 } else {
    my $userid = $bor->{'userid'};
@ -100,6 +99,9 @@ if ( $newpassword ) {

 }

-$template->param( member => $member);
+$template->param( member => $member,
+					errormsg => $errormsg,
+					$errormsg => 1 ,
+					minPasswordLength => $minpw );

 output_html_with_http_headers $input, $cookie, $template->output;
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@ -73,7 +73,8 @@ my $default_city;
 my $check_categorytype=$input->param('check_categorytype');
 # NOTE: Alert for ethnicity and ethnotes fields, they are unvalided in all borrowers form
 my $borrower_data;
-
+my $noUpdateLogin;
+my $userenv = C4::Context->userenv;

 $template->param("uppercasesurnames" => C4::Context->preference('uppercasesurnames'));

@ -109,6 +110,10 @@ if ($op eq 'insert' || $op eq 'modify' || $op eq 'save') {
    $newdata{'dateenrolled'}=format_date_in_iso($newdata{'dateenrolled'}) if ($newdata{dateenrolled});  
    $newdata{'dateexpiry'}=format_date_in_iso($newdata{'dateexpiry'}) if ($newdata{dateexpiry});  
    $newdata{'dateofbirth'}=format_date_in_iso($newdata{'dateofbirth'}) if ($newdata{dateofbirth});  
+  # check permission to modify login info.
+    if ($borrower_data && ($borrower_data->{'category_type'} eq 'S') && (! C4::Auth::haspermission($dbh,$userenv->{'id'},{'staffaccess'=>1}))) {
+		$noUpdateLogin =1;
+	}
 }

 #############test for member being unique #############
@ -165,11 +170,10 @@ if ($op eq 'save' || $op eq 'insert'){
      $nok = 1;
    }
  }
-  
+    
  if (C4::Context->preference("IndependantBranches")) {
-    my $userenv = C4::Context->userenv;
    if ($userenv && $userenv->{flags} != 1){
-      warn "  $newdata{'branchcode'} : ".$userenv->{flags}.":".$userenv->{branch};
+      #warn "  $newdata{'branchcode'} : ".$userenv->{flags}.":".$userenv->{branch};
      unless (!$newdata{'branchcode'} || $userenv->{branch} eq $newdata{'branchcode'}){
        push @errors, "ERROR_branch";
        $nok=1;
@ -195,7 +199,6 @@ if ($op eq 'modify' || $op eq 'insert'){
  }
 }

-                              

 if ($op eq 'insert'){
  # Check if the userid is unique
@ -218,7 +221,11 @@ if ($op eq 'insert'){
 if ($op eq 'save'){
 	# test to know if another user have the same password and same login                                
 	unless ($nok){
-	    &ModMember(%newdata);    
+	    if($noUpdateLogin) {
+			delete $newdata{'password'};
+			delete $newdata{'userid'};
+		}
+		&ModMember(%newdata);    
 	    if ($destination eq "circ")	{
 		print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$data{'cardnumber'}");
 	    }
@ -453,7 +460,6 @@ if ($data{'dateenrolled'} eq ''){
  my $today= sprintf('%04d-%02d-%02d', Today());
  $data{'dateenrolled'}=$today;
 }
-
 $data{'surname'}=uc($data{'surname'}) if C4::Context->preference('uppercasesurnames');
 $data{'dateenrolled'}=format_date($data{'dateenrolled'});
 $data{'dateexpiry'}=format_date($data{'dateexpiry'});
@ -494,8 +500,9 @@ $template->param(
  CGIbranch => $CGIbranch,
  memberofinstution => $member_of_institution,
  CGIorganisations => $CGIorganisations,
-  
+  noUpdateLogin =>  $noUpdateLogin
  );
+  
 output_html_with_http_headers $input, $cookie, $template->output;

 # Local Variables:
--- a/members/moremember.pl
+++ b/members/moremember.pl
@ -51,6 +51,7 @@ my $dbh = C4::Context->dbh;
 my $input = new CGI;
 my $print = $input->param('print');
 my @failedrenews = $input->param('failedrenew');
+my $error = $input->param('error');
 my @renew_failed;
 for (@failedrenews) { $renew_failed[$_] = 1; }

@ -309,7 +310,8 @@ $template->param(
    totaldue         => sprintf( "%.2f", $total ),
    issueloop        => \@issuedata,
    unvalidlibrarian => $unvalidlibrarian,
-    
+   	error	         => $error,
+	$error			=> 1,
    # 		 reserveloop     => \@reservedata,
 );