From 32168100f4ccc9a5f5fec70e0d522c1174a2fbcd Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Mon, 28 Mar 2011 14:08:00 -0400 Subject: [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role Also removing some YAHOO.widget.Button declarations which are redundant. Signed-off-by: Chris Cormack (cherry picked from commit a867bfcff7201a7fa3b56bee4dd484a49ece35e3) Signed-off-by: Chris Nighswonger --- .../prog/en/includes/circ-toolbar.inc | 30 ++++--------------- .../prog/en/includes/members-toolbar.inc | 8 ++--- 2 files changed, 7 insertions(+), 31 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc index 503f9547bc..972393d448 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc @@ -63,13 +63,9 @@ function update_child() { var moremenu = [ { text: _("Renew Patron"), onclick: { fn: confirm_reregistration } }, - { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]" - [% IF ( CAN_user_permissions ) %][% IF ( StaffMember ) %] - [% UNLESS ( CAN_user_staffaccess ) %], disabled: true[% END %] - [% ELSE %][% END %] - [% ELSE %], disabled: true[% END %]}, - { text: _("Delete"), [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]disabled: true, [% END %][% ELSE %][% UNLESS ( CAN_user_borrowers ) %]disabled: true, [% END %][% END %] onclick: { fn: confirm_deletion } }, - { text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS ( is_child ) %], disabled: true[% END %]} + { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"[% UNLESS CAN_user_permissions %], disabled: true[% END %]}, + { text: _("Delete"), [% UNLESS CAN_user_borrowers %]disabled: true, [% END %] onclick: { fn: confirm_deletion } }, + { text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS is_child" %], disabled: true[% END %]} ]; new YAHOO.widget.Button({ @@ -97,23 +93,9 @@ function update_child() { [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %] new YAHOO.widget.Button("editpatron"); new YAHOO.widget.Button("addnote"); - [% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] new YAHOO.widget.Button("changepassword"); [% END %] - [% ELSE %] new YAHOO.widget.Button("changepassword"); [% END %] - new YAHOO.widget.Button("duplicate"); + [% IF CAN_user_staffaccess %] new YAHOO.widget.Button("changepassword"); [% END %] new YAHOO.widget.Button("printslip"); new YAHOO.widget.Button("printpage"); - new YAHOO.widget.Button("renewpatron"); - [% IF ( CAN_user_permissions ) %] - [% IF ( StaffMember ) %] - [% IF ( CAN_user_staffaccess ) %] - new YAHOO.widget.Button("patronflags"); - [% END %] - [% ELSE %] - new YAHOO.widget.Button("patronflags"); - [% END %] - [% END %] - [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]new YAHOO.widget.Button("deletepatron");[% END %] - [% ELSE %]new YAHOO.widget.Button("deletepatron");[% END %] } //]]> @@ -136,9 +118,7 @@ function update_child() { [% END %] [% IF ( CAN_user_borrowers ) %] [% IF ( adultborrower ) %]
  • Add child
  • [% END %] -[% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %]
  • Change Password
  • [% END %] - [% ELSE %]
  • Change Password
  • [% END %] - [% END %] + [% CAN_user_staffaccess %]
  • Change Password
  • [% END %]
  • Duplicate
  • Print Page
  • Print Slip
  • diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc index afad863ce8..bc3e920af3 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc @@ -91,14 +91,10 @@ function update_child() { [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %] new YAHOO.widget.Button("editpatron"); new YAHOO.widget.Button("addnote"); - new YAHOO.widget.Button("changepassword"); + [% IF CAN_user_staffaccess %]new YAHOO.widget.Button("changepassword"); [% END %] new YAHOO.widget.Button("duplicate"); new YAHOO.widget.Button("printslip"); new YAHOO.widget.Button("printpage"); - new YAHOO.widget.Button("renewpatron"); - new YAHOO.widget.Button("patronflags"); - new YAHOO.widget.Button("deletepatron"); - new YAHOO.widget.Button("updatechild"); } //]]> @@ -119,7 +115,7 @@ function update_child() { [% END %] [% END %] [% IF ( adultborrower ) %]
  • Add child
  • [% END %] -
  • Change Password
  • + [% IF CAN_user_staffaccess %]
  • Change Password
  • [% END %]
  • Duplicate
  • Print Page
  • Print Slip
  • -- 2.39.5