From 6710641eee8351106d0f52d7ccfaf502757e12b8 Mon Sep 17 00:00:00 2001
From: Matthias Meusburger
Date: Wed, 10 Mar 2010 22:26:04 +0100
Subject: [PATCH] MT2582: Fix user deletion without permission
Signed-off-by: Henri-Damien LAURENT
Signed-off-by: Galen Charlton
---
 koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc | 2 +-
 members/deletemem.pl | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 4306fceb90..47815d7f75 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -64,7 +64,7 @@ function update_child() {
 , disabled: true , disabled: true},
- { text: _("Delete"), disabled: true, onclick: { fn: confirm_deletion } },
+ { text: _("Delete"), disabled: true, disabled: true, onclick: { fn: confirm_deletion } },
 { text: _("Update Child to Adult Patron") , onclick: { fn: update_child }, disabled: true} ];
diff --git a/members/deletemem.pl b/members/deletemem.pl
index 81cb750177..53297a3784 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -49,11 +49,19 @@ my $countissues = scalar(@$issues);
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
 my $userenv = C4::Context->userenv;
+
+
+
 if ($bor->{category_type} eq "S") {
 unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
 print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
 exit 1;
 }
+} else {
+ unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+ print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+ exit 1;
+ }
 }
 if (C4::Context->preference("IndependantBranches")) {
-- 
2.39.5
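Review bot: The new "Delete" entry in circ-toolbar.inc, as shown here, carries `disabled: true` twice in one object literal. The template conditionals that presumably wrap each occurrence are not visible on this page, but if both can be emitted for the same user the literal has a duplicate key, which ES5 strict mode rejects and which hides which condition disabled the button; emitting the property once under a combined condition would read better. Disabling the button is presentation only, so a short comment such as `// UI hint only; members/deletemem.pl enforces the permission` would keep later readers from treating it as the access control. The button array and its enclosing script continue outside the hunk.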
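Review bot: In the members/deletemem.pl hunk the new `borrowers` check sits in the `else` branch, so it is never evaluated when `$bor->{category_type} eq "S"`; an account holding `staffaccess` but not `borrowers` can still delete staff patrons. Unless `borrowers` is already required where the script authenticates (not visible in this hunk, and the new branch would then be redundant), the `borrowers` check should run for every deletion, with `staffaccess` as an additional requirement for staff patrons. The three blank `+` lines above the `if` can be dropped, and a one-line comment stating the intended rule would help. The script body continues outside the hunk on both sides.

```perl
my $userenv = C4::Context->userenv;
# Every deletion requires 'borrowers'; staff patrons additionally require 'staffaccess'.
unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
    exit 1;
}
if ($bor->{category_type} eq "S") {
    # … unchanged: staffaccess check redirecting with error=CANT_DELETE_STAFF …
}
```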