cd3ef03e76
The tab will show when the staff user has edit_borrowers permission, but the page itself will not be accessible. This patch fixes the page permissions to allow access with the edit_borrowers permission as suggested by the comments on the original bug report. To test: - Create a staff user with only "edit_borrowers" permission from the borrowers module - Try to access the holds history tab from any patron account - Verify you are blocked - Apply patch - Try again and verify the page is accessible now - Repeat with superlibrarian and full borrowers permission. Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr> Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
83 lines
2.2 KiB
Perl
Executable file
83 lines
2.2 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
|
|
|
use Modern::Perl;
|
|
|
|
use CGI qw ( -utf8 );
|
|
|
|
use C4::Auth;
|
|
use C4::Output;
|
|
|
|
use Koha::Patrons;
|
|
|
|
my $input = CGI->new;
|
|
|
|
my $borrowernumber;
|
|
my $cardnumber;
|
|
my @all_holds;
|
|
|
|
my ($template, $loggedinuser, $cookie)= get_template_and_user({template_name => "members/holdshistory.tt",
|
|
query => $input,
|
|
type => "intranet",
|
|
authnotrequired => 0,
|
|
flagsrequired => {borrowers => 'edit_borrowers'},
|
|
debug => 1,
|
|
});
|
|
|
|
my $patron;
|
|
|
|
if ($input->param('cardnumber')) {
|
|
$cardnumber = $input->param('cardnumber');
|
|
$patron = Koha::Patrons->find( { cardnumber => $cardnumber } );
|
|
}
|
|
if ($input->param('borrowernumber')) {
|
|
$borrowernumber = $input->param('borrowernumber');
|
|
$patron = Koha::Patrons->find( $borrowernumber );
|
|
}
|
|
|
|
unless ( $patron ) {
|
|
print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
|
|
exit;
|
|
}
|
|
|
|
my $holds;
|
|
my $old_holds;
|
|
|
|
if ( $borrowernumber eq C4::Context->preference('AnonymousPatron') ){
|
|
# use of 'eq' in the above comparison is intentional -- the
|
|
# system preference value could be blank
|
|
$template->param( is_anonymous => 1 );
|
|
} else {
|
|
$holds = $patron->holds;
|
|
$old_holds = $patron->old_holds;
|
|
|
|
while (my $hold = $holds->next) {
|
|
push @all_holds, $hold;
|
|
}
|
|
|
|
while (my $hold = $old_holds->next) {
|
|
push @all_holds, $hold;
|
|
}
|
|
}
|
|
|
|
$template->param(
|
|
holdshistoryview => 1,
|
|
patron => $patron,
|
|
holds => \@all_holds,
|
|
);
|
|
|
|
output_html_with_http_headers $input, $cookie, $template->output;
|