From 9966d218ae1705b272841c721bf4355437ba5a44 Mon Sep 17 00:00:00 2001 From: Robin Sheat Date: Wed, 31 Aug 2011 15:22:38 +1200 Subject: [PATCH] Bug 6824 - correctly check basket viewing permissions Previously you couldn't view baskets that you hadn't created, unless you were superlibrarian due to a bug. Now people with the right permissions can see the baskets. Applies to both 3.04.04 and master. Signed-off-by: Brendan Signed-off-by: Melia Meggs Signed-off-by: Chris Cormack --- acqui/basket.pl | 2 +- acqui/booksellers.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/acqui/basket.pl b/acqui/basket.pl index dfc9447212..70fb39cf7d 100755 --- a/acqui/basket.pl +++ b/acqui/basket.pl @@ -197,7 +197,7 @@ if ( $op eq 'delete_confirm' ) { #if the basket is closed,and the user has the permission to edit basketgroups, display a list of basketgroups my $basketgroups; my $member = GetMember(borrowernumber => $loggedinuser); - if ($basket->{closedate} && haspermission({ flagsrequired => { acquisition => 'group_manage'} })) { + if ($basket->{closedate} && haspermission({ acquisition => 'group_manage'} )) { $basketgroups = GetBasketgroups($basket->{booksellerid}); for my $bg ( @{$basketgroups} ) { if ($basket->{basketgroupid} && $basket->{basketgroupid} == $bg->{id}){ diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl index cc5c084508..fb6b2f1707 100755 --- a/acqui/booksellers.pl +++ b/acqui/booksellers.pl @@ -106,7 +106,7 @@ for my $vendor (@suppliers) { if (( $basket->{authorisedby} && $basket->{authorisedby} eq $loggedinuser ) - || haspermission( $uid, { flagsrequired => { acquisition => q{*} } } ) + || haspermission( $uid, { acquisition => q{*} } ) ) { for my $date_field (qw( creationdate closedate)) { if ( $basket->{$date_field} ) { -- 2.39.5