From 8c3a25bf1f0490c8a2e1c6cf237313cd8b4905e7 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 27 Feb 2024 11:43:22 +0100 Subject: [PATCH] Bug 34478: Prevent renew if logged in user is not allowed to This should be on its own bug. Feel free to do it if you have the energy, I do not. Signed-off-by: Jonathan Druart --- serials/subscription-renew.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/serials/subscription-renew.pl b/serials/subscription-renew.pl index e653b284df..5fd285b014 100755 --- a/serials/subscription-renew.pl +++ b/serials/subscription-renew.pl @@ -81,6 +81,12 @@ if ( $op eq "cud-renew" ) { # Make sure the subscription exists my $subscription = GetSubscription( $subscriptionid ); output_and_exit( $query, $cookie, $template, 'unknown_subscription') unless $subscription; + + if ($subscription->{cannotedit}){ + carp "Attempt to renew subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed"; + print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid"); + } + my $startdate = output_pref( { str => scalar $query->param('startdate'), dateonly => 1, dateformat => 'iso' } ); ($numberlength, $weeklength, $monthlength) = GetSubscriptionLength( $subtype, $sublength ); ReNewSubscription( @@ -99,6 +105,7 @@ if ( $op eq "cud-renew" ) { for my $subscriptionid ( @subscriptionids ) { my $subscription = GetSubscription( $subscriptionid ); next unless $subscription; + next if $subscription->{cannotedit}; ReNewSubscription( { subscriptionid => $subscriptionid,