From 138fb47e1fe429d937a9d9aaa2c0588c14386bdb Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Tue, 12 Jan 2021 14:24:41 +0000 Subject: [PATCH] Bug 15788: Use delete_borrowers permission Link the new delete_borrowers sub-permission to the delete actions. Test plan 1/ Remove the delete_borrowers permission from a staff user 2/ Check that the user cannot use the 'Delete' option from the members menu. Signed-off-by: David Nind Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart --- .../prog/en/includes/members-toolbar.inc | 2 +- .../prog/en/includes/str/members-menu.inc | 1 + koha-tmpl/intranet-tmpl/prog/js/members-menu.js | 6 ++++-- members/deletemem.pl | 17 +++++++++-------- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc index bb9abf4089..44d6f800a6 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc @@ -64,7 +64,7 @@ [% END %] [% END %] - [% IF CAN_user_borrowers_edit_borrowers %] + [% IF CAN_user_borrowers_delete_borrowers %]
  • Delete
  • [% ELSE %]
  • Delete
  • diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc index 6f47bda714..777f814f11 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc @@ -7,6 +7,7 @@ var destination = "[% destination | html %]"; var CAN_user_borrowers_edit_borrowers = "[% CAN_user_borrowers_edit_borrowers | html %]"; + var CAN_user_borrowers_delete_borrowers = "[% CAN_user_borrowers_delete_borrowers | html %]"; var dateformat = "[% Koha.Preference('dateformat') | html %]"; diff --git a/koha-tmpl/intranet-tmpl/prog/js/members-menu.js b/koha-tmpl/intranet-tmpl/prog/js/members-menu.js index 8ee2175bb1..def803d274 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/members-menu.js +++ b/koha-tmpl/intranet-tmpl/prog/js/members-menu.js @@ -1,4 +1,4 @@ -/* global borrowernumber advsearch dateformat __ CAN_user_borrowers_edit_borrowers number_of_adult_categories destination Sticky Cookies */ +/* global borrowernumber advsearch dateformat __ CAN_user_borrowers_delete_borrowers CAN_user_borrowers_edit_borrowers number_of_adult_categories destination Sticky Cookies*/ $(document).ready(function(){ @@ -26,10 +26,12 @@ $(document).ready(function(){ searchfield_date_tooltip('_filter'); }); - if( CAN_user_borrowers_edit_borrowers ){ + if( CAN_user_borrowers_delete_borrowers ){ $("#deletepatron").click(function(){ window.location='/cgi-bin/koha/members/deletemem.pl?member=' + borrowernumber; }); + } + if( CAN_user_borrowers_edit_borrowers ){ $("#renewpatron").click(function(){ confirm_reregistration(); $(".btn-group").removeClass("open"); diff --git a/members/deletemem.pl b/members/deletemem.pl index 492e00e581..2a12728548 100755 --- a/members/deletemem.pl +++ b/members/deletemem.pl 
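Review bot: In members-menu.js the new `if( CAN_user_borrowers_delete_borrowers ){` guard tests a value that str/members-menu.inc emits as a quoted string, so any non-empty output is truthy in JavaScript, including a literal `"0"`. This presumably relies on the template variable rendering as an empty string when the permission is absent, as the existing `CAN_user_borrowers_edit_borrowers` guard does; that is not visible in this patch, so an explicit comparison against the value the template emits would be more robust. The guard only decides whether the `#deletepatron` click handler is bound, so it is a UI convenience and not an access control. I would record that above the block with `// UI gating only: deletemem.pl enforces delete_borrowers server-side`. The `$(document).ready` callback starts and ends outside the hunk.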
@@ -38,13 +38,14 @@ use Koha::Patron::Categories; my $input = CGI->new; -my ($template, $loggedinuser, $cookie) - = get_template_and_user({template_name => "members/deletemem.tt", - query => $input, - type => "intranet", - flagsrequired => {borrowers => 'edit_borrowers'}, - debug => 1, - }); +my ( $template, $loggedinuser, $cookie ) = get_template_and_user( + { template_name => "members/deletemem.tt", + query => $input, + type => "intranet", + flagsrequired => { borrowers => 'delete_borrowers' }, + debug => 1, + } +); #print $input->header; my $member = $input->param('member'); @@ -70,7 +71,7 @@ if ($patron->category->category_type eq "S") { exit 0; # Exit without error } } else { - unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>'edit_borrowers'})) { + unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>'delete_borrowers'})) { print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE"); exit 0; # Exit without error } -- 2.39.5
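Review bot: The security-relevant edit in this hunk is one word, `flagsrequired => { borrowers => 'delete_borrowers' }`, but it is folded into a whitespace reflow of the whole `get_template_and_user` call, which makes the permission change easy to miss in review and in later `git blame`; keeping the reflow in a separate commit would help. Because the page gate moves from `edit_borrowers` to `delete_borrowers`, staff accounts that held only `edit_borrowers` lose delete access on upgrade unless a database update grants the new sub-permission. That update is not part of this patch, so confirm it ships with the series. Any other patron-deletion code path outside this patch should require the same sub-permission, otherwise the restriction can be sidestepped. A short comment above the call such as `# delete_borrowers gates the whole script; the checks below only narrow it per category` would document the intent.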
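Review bot: In the second deletemem.pl hunk the redirect after the changed `haspermission` check interpolates `$member` into the Location URL, and `$member` comes straight from `$input->param('member')`. Unless it is validated in the lines between the two hunks, which are not visible here, a crafted value can append extra query parameters to the moremember.pl redirect. Building the URL from the already-loaded object avoids that: `print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=" . $patron->borrowernumber . "&error=CANT_DELETE");`. With `flagsrequired` now also set to `delete_borrowers`, this else-branch check appears to repeat the page-level gate. If it is kept as defence in depth, a comment saying so would stop it being removed as dead code later. The enclosing `if`/`else` starts outside the hunk.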