From 9d48763c774de5b266a6ab31ec90b9595c6872dd Mon Sep 17 00:00:00 2001 From: PerplexedTheta Date: Thu, 18 Jul 2024 12:01:44 +0100 Subject: [PATCH] Bug 36085: Only superlibrarians can protect patrons A drive-by patch which hopes to resolve bug 36085 by only allowing superlibrarians to protect or unprotect patrons. Test plan: a) prepare two koha staff users: 1) a superlibrarian 2) a user that only has permission to edit patrons b) when logged in as the user prepared in step a2 (non-superlibrarian), then go to edit any patron *) note how you can set the protected yes/no radios c) apply the patch d) repeat steps a-b as this same user *) note how you can now no longer see the protected yes/no radios e) log in as the user prepared in step a1 (superlibrarian), then repeat steps a-b f) note how the protected yes/no radios are back Signed-off-by: Jan Kissig Signed-off-by: Paul Derscheid Signed-off-by: Katrin Fischer --- .../intranet-tmpl/prog/en/modules/members/memberentrygen.tt | 2 +- members/memberentry.pl | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt index b9063a486d..c3a7512b7e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt @@ -1085,7 +1085,7 @@ legend.collapsed i.fa.fa-caret-down::before { [% END %] - [% UNLESS noprotected %] + [% UNLESS noprotected || !CanUpdateProtectPatron %]
  • [% IF ( patron.protected == 1 ) %] diff --git a/members/memberentry.pl b/members/memberentry.pl index af6dfeea0b..df7d92f18a 100755 --- a/members/memberentry.pl +++ b/members/memberentry.pl @@ -95,6 +95,7 @@ my $borrower_data; my $NoUpdateLogin; my $NoUpdateEmail; my $CanUpdatePasswordExpiration; +my $CanUpdateProtectPatron; my $userenv = C4::Context->userenv; my @messages; @@ -172,6 +173,7 @@ if ( $op eq 'edit_form' or $op eq 'cud-save' or $op eq 'duplicate' ) { } if ($logged_in_user->is_superlibrarian) { $CanUpdatePasswordExpiration = 1; + $CanUpdateProtectPatron = 1; } $borrower_data = $patron->unblessed; @@ -233,6 +235,7 @@ if ( $op eq 'cud-insert' || $op eq 'edit_form' || $op eq 'cud-save' || $op eq 'd map { qr/^$_$/ } grep { $_ ne 'dateexpiry' } split( /\s*\|\s*/, C4::Context->preference('BorrowerUnwantedField') || q{} ); push @keys_to_delete, qr/^password_expiration_date$/ unless $CanUpdatePasswordExpiration; + push @keys_to_delete, qr/^protected$/ unless $CanUpdateProtectPatron; for my $regexp (@keys_to_delete) { for (keys %newdata) { delete($newdata{$_}) if /$regexp/; @@ -805,6 +808,7 @@ $template->param( NoUpdateLogin => $NoUpdateLogin, NoUpdateEmail => $NoUpdateEmail, CanUpdatePasswordExpiration => $CanUpdatePasswordExpiration, + CanUpdateProtectPatron => $CanUpdateProtectPatron, ); # HouseboundModule data -- 2.39.5
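Review bot: Hiding the whole row with `[% UNLESS noprotected || !CanUpdateProtectPatron %]` also removes the protected status from this form, so staff who are not superlibrarians can no longer see that a patron is protected. Consider keeping the row and rendering the current value read-only when `CanUpdateProtectPatron` is false. The condition would also read more directly as `[% IF CanUpdateProtectPatron && !noprotected %]`. A template comment such as `[%# display only; memberentry.pl drops 'protected' from the submission for non-superlibrarians %]` would record that this check is not the access control. The enclosing list item continues beyond the hunk.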
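Review bot: `$CanUpdateProtectPatron = 1;` is set only in the superlibrarian branch that, judging by the hunk header, sits inside `if ( $op eq 'edit_form' or $op eq 'cud-save' or $op eq 'duplicate' )`, while the new filter in the @@ -233 hunk also runs for `cud-insert`. If nothing else sets the flag, a superlibrarian creating a patron gets `protected` stripped from the submission and the radios hidden as well. That fails closed, but it looks unintended given the commit title; moving the `is_superlibrarian` check out of the op-specific block, or repeating it for the insert path, would fix it. The enclosing block starts and ends outside the hunk, so the nesting should be confirmed against the full file.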
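Review bot: The test plan only checks that the radios disappear; nothing verifies the line that actually enforces the rule, `push @keys_to_delete, qr/^protected$/ unless $CanUpdateProtectPatron;`. A regression test that submits `cud-save` with a `protected` value as a non-superlibrarian and asserts the stored value is unchanged would cover it. A short comment above the push, e.g. `# Server-side check: only superlibrarians may change 'protected'; the template merely hides the field`, would stop a later cleanup from treating it as redundant. This guards memberentry.pl only; any other code path that writes patron records (none is visible in this patch) would need the same check for the commit title to hold.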