Koha/koha-tmpl/intranet-tmpl/prog/en/includes
Jonathan Druart cee2cf9ff9 Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos
Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist, you
should get "This patron does not exist"

Technical note:
A new C4::Output subroutine is created in this patch: "output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all the
different checks to know if the logged in user is authorised to see patron's information.
The design here can be discussed, but I did not find an alternative with as few changes.
On the way I refactor what we did with 'unknowuser' previously: it will now work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove them
if required.

Changes in discharge.pl are mainly indentation changes.

With this patch we should now have a $patron variable that refers to the patron we
want to access. That will be very useful to remove plenty of code in members/* and
only pass this variable to the template (instead of 1 variable per patron's attribute).

Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:38 -03:00
..
catalogue Bug 16485: collection column in Item search is always empty 2017-09-01 13:02:25 -03:00
csv_headers Bug 19928: Acquisitions' CSV exports now honors syspref "delimiter" 2018-02-08 14:52:01 -03:00
virtualshelves/merge
acquisitions-add-to-basket.inc
acquisitions-menu.inc Bug 19592: Move admin templates JavaScript to the footer: Acquisitions 2017-12-11 11:34:20 -03:00
acquisitions-search.inc Bug 16557 - Remove the use of "onclick" from several include files 2016-06-24 13:51:01 +00:00
acquisitions-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
additem.js.inc Bug 14752 - (QA followup) Remove annoying modal, use dialog box instead 2016-09-13 17:21:05 +00:00
admin-items-search-field-form.inc Bug 19108: Fix Stored XSS in items_search_fields.pl 2017-09-29 12:20:50 -03:00
admin-menu.inc Bug 16735: Migrate library search groups into the new hierarchical groups 2018-02-12 15:41:25 -03:00
adv-search.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
auth-finder-search.inc Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
authorities-search-results.inc Bug 18703 - Translatability: Resolve some remaining %%] problems for staff client in 6 Files 2017-06-16 17:04:08 -03:00
authorities-search.inc Bug 16549 - Remove the use of "onclick" from header search forms 2016-06-24 13:48:24 +00:00
authorities-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
authorities.inc
authorities_js.inc
av-build-dropbox.inc Bug 18682 - Translatability: Get rid of [%% in translation for 2 files av-build-dropbox.inc 2017-06-05 16:35:56 -03:00
biblio-default-view.inc
biblio-view-menu.inc Bug 14610 - Add and update scripts 2016-10-26 12:15:14 +00:00
blocked-fines.inc Bug 18762: Remove warnings from xt/author/valid-templates.t 2017-06-14 14:36:28 -03:00
blocking_errors.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
borrower_debarments.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
branch-selector.inc Bug 18693: Translatability: Get rid of exposing a [%% FOREACH loop in translation for branch-selector.inc 2017-06-05 16:47:22 -03:00
browser-strings.inc
budgets-active-currency.inc
budgets-admin-search.inc Bug 15758: Koha::Libraries - Remove GetBranchesLoop 2016-09-08 14:36:02 +00:00
budgets-admin-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
calendar.inc Bug 18447 - Datepicker only shows -10/+10 years 2017-08-25 11:38:46 -03:00
cat-menu.inc
cat-search.inc Bug 16903 - Multiple class attributes on catalog search tab 2016-09-02 14:03:42 +00:00
cat-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
catalog-strings.inc Bug 17893 - Move JavaScript to the footer on staff client catalog pages 2017-09-07 14:05:49 -03:00
cataloging-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
cateditor-ui.inc Bug 18415 - Advanced Editor - Rancor - return focus to editor after successful macro 2017-05-08 09:03:34 -04:00
cateditor-widgets-marc21.inc Bug 17288: (follow-up) Remove unneccessary Date() function 2017-08-25 10:59:04 -03:00
checkin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
checkouts-table-footer.inc Bug 15975 (QA Followup) Fix colspan for footer 2016-09-25 15:41:36 +00:00
checkouts-table.inc Bug 15498: Let the user choose the CSV profile to export circ history 2017-03-31 11:13:47 +00:00
circ-menu.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
circ-nav.inc Bug 16530: Add a new method to the Branches TT Plugin to avoid c/p 2017-03-03 18:34:36 +00:00
circ-patron-search-results.inc Bug 19398: Format date of birth in circ patron search 2017-10-06 12:00:20 -03:00
circ-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
cities-admin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
columns_settings.inc
contracts-admin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
country-list.inc Bug 14608: Move country list to an include file 2017-03-22 23:51:30 +00:00
currencies-admin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
datatables.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
date-format.inc
doc-head-close-receipt.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
doc-head-close.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
doc-head-open.inc
empty_line.inc Bug 18331: Force tt to insert newline to empty_line.inc 2017-08-15 12:17:40 -03:00
facets.inc Bug 17169 - Use CCODE descriptions instead of codes 2017-03-22 19:24:23 +00:00
form-blocks.inc
format_price.inc Bug 16768: (followup) Add Swiss format for datatables (format_price.inc) 2016-06-24 14:00:03 +00:00
greybox.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
guided-reports-view.inc
header.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
help-bottom.inc Bug 16557 - Remove the use of "onclick" from several include files 2016-06-24 13:51:01 +00:00
help-top.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
home-search.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
html_helpers.inc Bug 18884: Advanced search on staff client, Availability limit not properly limiting 2017-10-27 13:57:10 -03:00
ill-toolbar.inc Bug 7317: Handle backend absense more gracefuly 2017-11-09 11:42:14 -03:00
installer-doc-head-close.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
installer-strings.inc Bug 17942 - Update style of the web installer with Bootstrap 3 2017-05-09 20:54:30 +00:00
intranet-bottom.inc Bug 18718: Language selector in staff header menu similar to OPAC 2017-09-01 11:30:26 -03:00
intranetstylesheet.inc Bug 12904: Fix occurrences not caught by script 2018-02-08 14:53:24 -03:00
js_includes.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
labels-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
langmenu-staff-top.inc Bug 20156: Display a markup for the current language in header menu 2018-02-08 17:00:36 -03:00
letters-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
member-alt-address-style-de.inc Bug 17559: Fixed HTML element ID of B_streetnumber 2016-11-18 14:16:43 +00:00
member-alt-address-style-fr.inc Bug 18110: Add a field FR to the syspref AddressFormat 2017-04-28 08:50:19 -04:00
member-alt-address-style-us.inc Bug 17559: Fixed HTML element ID of B_streetnumber 2016-11-18 14:16:43 +00:00
member-alt-contact-style-de.inc
member-alt-contact-style-fr.inc Bug 18110: Add a field FR to the syspref AddressFormat 2017-04-28 08:50:19 -04:00
member-alt-contact-style-us.inc
member-display-address-style-de.inc
member-display-address-style-fr.inc Bug 18110: Folllowup to fix alternative address and add missing class 2017-04-28 08:50:19 -04:00
member-display-address-style-us.inc Bug 19612: Fix XSS in members/memberentry.pl 2018-01-09 16:01:50 -03:00
member-display-alt-address-style-de.inc Bug 10760: Alternate Address: Display street number and street type 2016-07-08 13:45:41 +00:00
member-display-alt-address-style-fr.inc Bug 18110: Folllowup to fix alternative address and add missing class 2017-04-28 08:50:19 -04:00
member-display-alt-address-style-us.inc Bug 19612: Fix XSS in members/memberentry.pl 2018-01-09 16:01:50 -03:00
member-main-address-style-de.inc Bug 15644 - City dropdown default selection when modifying a patron matches only on city 2017-09-19 11:47:32 -03:00
member-main-address-style-fr.inc Bug 15644 - City dropdown default selection when modifying a patron matches only on city 2017-09-19 11:47:32 -03:00
member-main-address-style-us.inc Bug 15644 - City dropdown default selection when modifying a patron matches only on city 2017-09-19 11:47:32 -03:00
members-menu.inc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
members-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
merge-record-strings.inc
merge-record.inc
messaging-preference-form.inc Bug 18692 - intranet part 2017-09-01 13:02:25 -03:00
nl-search-form.tt
noadd-warnings.inc Bug 17082: Translatability: Fix sentence splitting in member.tt 2016-08-10 13:49:48 +00:00
onboarding_messages.inc Bug 19514: Implement password restrictions into onboarding tool 2017-12-14 16:57:56 -03:00
page-numbers.inc Bug 13205: [FOLLOW-UP] Fixing math and variable names 2017-10-09 16:15:49 -03:00
password_check.inc Bug 18298: Use the validate jQuery plugin 2017-10-16 09:44:32 -03:00
patron-article-requests.inc Bug 14610 - Follow-up 2016-10-26 12:15:23 +00:00
patron-search-box.inc Bug 17418 - Move staff client home page JavaScript to the footer 2016-12-16 11:53:39 +00:00
patron-search.inc Bug 19125: Fix Stored XSS in members.pl 2017-09-29 12:20:45 -03:00
patron-title.inc Bug 19456: Make patron-title ability to be generated with or without html tags 2017-12-07 09:37:10 -03:00
patron-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
patroncards-errors.inc Bug 18660: Translatability: Get rid of template directives [%% in translation for patroncards-errors.inc 2017-08-30 16:43:36 -03:00
patroncards-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
patrons-admin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
permissions.inc Bug 18403: Hide patron information if not part of the logged in user library group 2018-02-12 15:41:36 -03:00
popup-bottom.inc Bug 19608: (QA follow-up) Fix redirect on localization modal 2017-12-26 12:52:33 -03:00
prefs-admin-search.inc Bug 16726: Clear text in syspref searchbox after submitting 2017-09-01 13:00:06 -03:00
prefs-menu.inc
quotes-toolbar.inc Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
quotes-upload-toolbar.inc Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
reports-menu.inc Bug 19664: Reports sidebar menu should match list of reports on reports home page 2017-12-20 13:34:10 -03:00
reports-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
resort_form.inc
rotating-collections-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
search_indexes.inc Bug 19807: Make IntranetCatalogSearchPulldown honor IntranetNumbersPreferPhrase 2018-01-02 12:58:55 -03:00
select2.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
serials-menu.inc
serials-search.inc Bug 17025: Fix XSS in serials-search.pl 2016-08-10 13:17:19 +00:00
serials-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
slip-print.inc Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
strings.inc Bug 19444: Display error message for auto_account_expired 2017-12-18 12:16:26 -03:00
subscriptions-search.inc Bug 17537: Fix valid-templates.t for some include files 2016-11-04 11:03:48 +00:00
subtypes_unimarc.inc Bug 16557 - Remove the use of "onclick" from several include files 2016-06-24 13:51:01 +00:00
suggestions-add-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
timepicker.inc
tools-item-action.inc
tools-menu.inc Bug 19647: Move patron lists templates JS to the footer 2017-12-11 11:34:20 -03:00
tools-nomatch-action.inc
tools-overlay-action.inc
validator-strings.inc
vendor-menu.inc
virtualshelves-toolbar.inc Bug 18403: Add sub output_and_exit_if_error - unknown_patron & cannot_see_patron_infos 2018-02-12 15:41:38 -03:00
wysiwyg-systempreferences.inc Bug 12904: Force browser to load new javascript files after upgrade 2018-02-08 14:53:24 -03:00
z3950-admin-search.inc Bug 14902 - Add qualifier menu to staff side "Search the Catalog" 2016-07-08 13:57:59 +00:00
z3950_search.inc Bug 16812: Revise JS script for z3950_search.tts and remove onclick events 2016-07-15 15:24:57 +00:00