From ed12168b812876cabeeec28ef19d44fac7c83b18 Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Wed, 23 Sep 2020 16:50:09 +0200 Subject: [PATCH] Bug 26517: Avoid deleting patrons with permission The patron deletion script misc/cronjobs/delete_patrons.pl uses C4::Member::GetBorrowersToExpunge() to get patrons that may be deleted. This method filters patrons from a staff category. I propose to also filter patrons having permission, so a staff member. Some small libraries do not define a "staff" category and give permissions to regular patrons. Test plan : 1) Create a patron on adult type category with expiry date in the past and permission to access staff interface 2) Without patch 3) Run delete script : ./src/misc/cronjobs/delete_patrons.pl -v --expired_before='$(date -I)' 4) You see the patron will be deleted 5) Apply patch 6) Run delete script : ./src/misc/cronjobs/delete_patrons.pl -v --expired_before='$(date -I)' 7) You dont see the patron Signed-off-by: David Nind Signed-off-by: Nick Clemens Signed-off-by: Jonathan Druart (cherry picked from commit c4c33e532d4abeb66bbbafe0ab75797a8e801349) Signed-off-by: Fridolin Somers (cherry picked from commit 550577ed3a003231284f59ba3084a365a8ed04e5) Signed-off-by: Andrew Fuerste-Henry (cherry picked from commit 11f271455d02f0649b3f0a7005ec3fb0e2137b00) Signed-off-by: Victor Grousset/tuxayo --- C4/Members.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Members.pm b/C4/Members.pm index 6f2cb37562..8f92c27f9f 100644 --- a/C4/Members.pm +++ b/C4/Members.pm @@ -408,6 +408,7 @@ sub GetBorrowersToExpunge { $query .= q| LEFT JOIN patron_list_patrons USING (borrowernumber)|; } $query .= q| WHERE category_type <> 'S' + AND ( borrowers.flags IS NULL OR borrowers.flags = 0 ) AND tmp.guarantor_id IS NULL |; my @query_params; -- 2.39.5