Koha/members/member.pl
Jonathan Druart 4bc92169dc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers'
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:37 -03:00

79 lines
2.7 KiB
Perl
Executable file

#!/usr/bin/perl
#script to do a borrower enquiry/bring up borrower details etc
#written 20/12/99 by chris@katipo.co.nz
# Copyright 2000-2002 Katipo Communications
# Copyright 2013 BibLibre
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Auth;
use C4::Output;
use CGI qw( -utf8 );
use Koha::DateUtils;
use Koha::List::Patron;
use Koha::Patrons;
my $input = new CGI;
my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "members/member.tt",
query => $input,
type => "intranet",
authnotrequired => 0,
flagsrequired => {borrowers => 'edit_borrowers'},
});
my $theme = $input->param('theme') || "default";
my $searchmember = $input->param('searchmember');
my $quicksearch = $input->param('quicksearch') // 0;
if ( $quicksearch and $searchmember ) {
my $branchcode;
if ( C4::Context::only_my_library ) {
my $userenv = C4::Context->userenv;
$branchcode = $userenv->{'branch'};
}
my $patron = Koha::Patrons->find( { cardnumber => $searchmember } );
if( ( $branchcode and $patron->branchcode eq $branchcode ) or ( not $branchcode and $patron ) ){
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=" . $patron->borrowernumber);
exit;
}
}
my $searchfieldstype = $input->param('searchfieldstype') || 'standard';
$template->param( 'alphabet' => C4::Context->preference('alphabet') || join ' ', 'A' .. 'Z' );
my $view = $input->request_method() eq "GET" ? "show_form" : "show_results";
$template->param(
patron_lists => [ GetPatronLists() ],
searchmember => $searchmember,
branchcode_filter => scalar $input->param('branchcode_filter'),
categorycode_filter => scalar $input->param('categorycode_filter'),
searchtype => scalar $input->param('searchtype') || 'contain',
searchfieldstype => $searchfieldstype,
PatronsPerPage => C4::Context->preference("PatronsPerPage") || 20,
view => $view,
);
output_html_with_http_headers $input, $cookie, $template->output;