Fix for Bug 5974 - Bogus auth check for "StaffMember" role

Also removing some YAHOO.widget.Button declarations which
are redundant.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This commit is contained in:
Owen Leonard 2011-03-28 14:08:00 -04:00 committed by Paul Poulain
parent 862b6ee90d
commit f1d46529f9
2 changed files with 7 additions and 31 deletions

View file

@ -63,13 +63,9 @@ function update_child() {
var moremenu = [
{ text: _("Renew Patron"), onclick: { fn: confirm_reregistration } },
{ text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"
[% IF ( CAN_user_permissions ) %][% IF ( StaffMember ) %]
[% UNLESS ( CAN_user_staffaccess ) %], disabled: true[% END %]
[% ELSE %][% END %]
[% ELSE %], disabled: true[% END %]},
{ text: _("Delete"), [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]disabled: true, [% END %][% ELSE %][% UNLESS ( CAN_user_borrowers ) %]disabled: true, [% END %][% END %] onclick: { fn: confirm_deletion } },
{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS ( is_child ) %], disabled: true[% END %]}
{ text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"[% UNLESS CAN_user_permissions %], disabled: true[% END %]},
{ text: _("Delete"), [% UNLESS CAN_user_borrowers %]disabled: true, [% END %] onclick: { fn: confirm_deletion } },
{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS is_child" %], disabled: true[% END %]}
];
new YAHOO.widget.Button({
@ -97,23 +93,9 @@ function update_child() {
[% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
new YAHOO.widget.Button("editpatron");
new YAHOO.widget.Button("addnote");
[% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] new YAHOO.widget.Button("changepassword"); [% END %]
[% ELSE %] new YAHOO.widget.Button("changepassword"); [% END %]
new YAHOO.widget.Button("duplicate");
[% IF CAN_user_staffaccess %] new YAHOO.widget.Button("changepassword"); [% END %]
new YAHOO.widget.Button("printslip");
new YAHOO.widget.Button("printpage");
new YAHOO.widget.Button("renewpatron");
[% IF ( CAN_user_permissions ) %]
[% IF ( StaffMember ) %]
[% IF ( CAN_user_staffaccess ) %]
new YAHOO.widget.Button("patronflags");
[% END %]
[% ELSE %]
new YAHOO.widget.Button("patronflags");
[% END %]
[% END %]
[% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]new YAHOO.widget.Button("deletepatron");[% END %]
[% ELSE %]new YAHOO.widget.Button("deletepatron");[% END %]
}
//]]>
@ -136,9 +118,7 @@ function update_child() {
[% END %]
[% IF ( CAN_user_borrowers ) %]
[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=[% borrowernumber %]&amp;category_type=C">Add child</a></li>[% END %]
[% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
[% ELSE %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
[% END %]
[% CAN_user_staffaccess %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&amp;borrowernumber=[% borrowernumber %]&amp;category_type=[% category_type %]">Duplicate</a></li>
<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=page">Print Page</a></li>
<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=slip">Print Slip</a></li>

View file

@ -91,14 +91,10 @@ function update_child() {
[% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
new YAHOO.widget.Button("editpatron");
new YAHOO.widget.Button("addnote");
new YAHOO.widget.Button("changepassword");
[% IF CAN_user_staffaccess %]new YAHOO.widget.Button("changepassword"); [% END %]
new YAHOO.widget.Button("duplicate");
new YAHOO.widget.Button("printslip");
new YAHOO.widget.Button("printpage");
new YAHOO.widget.Button("renewpatron");
new YAHOO.widget.Button("patronflags");
new YAHOO.widget.Button("deletepatron");
new YAHOO.widget.Button("updatechild");
}
//]]>
@ -119,7 +115,7 @@ function update_child() {
[% END %]
[% END %]
[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&amp;guarantorid=[% borrowernumber %]&amp;category_type=C">Add child</a></li>[% END %]
<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>
[% IF CAN_user_staffaccess %]<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li> [% END %]
<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&amp;borrowernumber=[% borrowernumber %]&amp;category_type=[% category_type %]">Duplicate</a></li>
<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=page">Print Page</a></li>
<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&amp;print=slip">Print Slip</a></li>