From 1a91801b06607ee9e5f8c21d531a7b7a3ca3b683 Mon Sep 17 00:00:00 2001 From: Ryan Higgins Date: Sat, 1 Dec 2007 20:56:27 -0600 Subject: [PATCH] Add Staff member type. Add permissions checks for bug# 1269 and related permissions on memberentry and mods. Signed-off-by: Joshua Ferraro --- C4/Members.pm | 3 +- .../prog/en/modules/admin/categorie.tmpl | 4 +- .../en/modules/members/member-password.tmpl | 13 ++++- .../en/modules/members/memberentrygen.tmpl | 8 ++-- .../prog/en/modules/members/moremember.tmpl | 11 ++++- members/member-flags.pl | 16 +++---- members/member-password.pl | 48 ++++++++++--------- members/memberentry.pl | 23 +++++---- members/moremember.pl | 4 +- 9 files changed, 79 insertions(+), 51 deletions(-) diff --git a/C4/Members.pm b/C4/Members.pm index a790165e9f..4e1822f4d4 100644 --- a/C4/Members.pm +++ b/C4/Members.pm @@ -352,6 +352,7 @@ sub GetMemberDetails { my $borrower = $sth->fetchrow_hashref; my ($amount) = GetMemberAccountRecords( $borrowernumber); $borrower->{'amountoutstanding'} = $amount; + # FIXME - patronflags calls GetMemberAccountRecords... just have patronflags return $amount my $flags = patronflags( $borrower); my $accessflagshash; @@ -409,7 +410,7 @@ sub GetMemberDetails { {itemlist} ref-to-array: list of available items =cut - +# FIXME rename this function. sub patronflags { my %flags; my ( $patroninformation) = @_; diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl index 7d8aa54b7f..40f2d5a373 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/categorie.tmpl @@ -123,7 +123,8 @@
  •   @@ -230,6 +231,7 @@ Confirm Deletion of Category Child Prof. Org. + Staff months years diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl index a6aee9df89..d965986f65 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tmpl @@ -23,8 +23,16 @@
    "> "> - + +

    You have entered a User ID that already exists. Please choose another one.

    + + +

    The Password entered is too short.

    + + +

    You do not have permission to edit this member's login information.

    + @@ -33,7 +41,8 @@
  • " />" />
  • -
    Koha cannot display existing passwords. Below is a randomly generated suggestion
    +
    Koha cannot display existing passwords. Below is a randomly generated suggestion. Leave the field blank to leave password unchanged.
    +
    Minimum password length:
    " />
  • diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl index 7d66507947..9980b2946b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl @@ -566,7 +566,7 @@ patron - " /> + disabled='true' value="" /> Required
  • @@ -577,12 +577,12 @@ patron Password: - " /> + disabled='true' value="" /> - + disabled='true' value="****" /> - + disabled='true' value="" /> Required diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl index c83255adcf..494d51e909 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl @@ -29,12 +29,19 @@ function verify_patron_images() {
    - + +
    + +Userid / Password update failed: +Insufficient user permissions. +Other fields updated. + +
    +
    This patron does not exist. -
    Patron's account has been renewed until
    " /> diff --git a/members/member-flags.pl b/members/member-flags.pl index a7c6011cab..46c5cb4cb9 100755 --- a/members/member-flags.pl +++ b/members/member-flags.pl @@ -17,23 +17,22 @@ use C4::Output; my $input = new CGI; -my $flagsrequired; -$flagsrequired->{borrowers}=1; -$flagsrequired->{permissions}=1; - +my $flagsrequired = { permissions => 1 }; +my $member=$input->param('member'); +my $bor = GetMemberDetails( $member,''); +if(( $bor->{'category_type'} eq 'S' ) || ($bor->{'authflags'}->{'catalogue'} )) { + $flagsrequired->{'staffaccess'} = 1; +} my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "members/member-flags.tmpl", query => $input, type => "intranet", authnotrequired => 0, - flagsrequired => {permissions => 1}, + flagsrequired => $flagsrequired, debug => 1, }); - - -my $member=$input->param('member'); my %member2; $member2{'borrowernumber'}=$member; @@ -51,7 +50,6 @@ if ($input->param('newflags')) { print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); } else { # my ($bor,$flags,$accessflags)=GetMemberDetails($member,''); - my $bor = GetMemberDetails( $member,''); my $flags = $bor->{'flags'}; my $accessflags = $bor->{'authflags'}; my $dbh=C4::Context->dbh(); diff --git a/members/member-password.pl b/members/member-password.pl index 8db7c477cc..7f170793be 100755 --- a/members/member-password.pl +++ b/members/member-password.pl 
@@ -30,43 +30,42 @@ my ($template, $loggedinuser, $cookie) my $flagsrequired; $flagsrequired->{borrowers}=1; -my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); + +#my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); my $member=$input->param('member'); my $cardnumber = $input->param('cardnumber'); my $destination = $input->param('destination'); -my %member2; -$member2{'borrowernumber'}=$member; -# my $issues=GetBorrowerIssues(\%member2); -# my $i=0; -# foreach (sort keys %$issues) { -# $i++; -# } - +my $errormsg; my ($bor,$flags)=GetMemberDetails( $member,''); +if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' || $bor->{'authflags'}->{'catalogue'}) ) { + my $luser = GetMemberDetails($loggedinuser); + $errormsg = 'NOPERMISSION' unless($luser->{'authflags'}->{'staffaccess'} ); +} my $newpassword = $input->param('newpassword'); +my $minpw = C4::Context->preference('minPasswordLength'); +$errormsg = 'SHORTPASSWORD' if( $newpassword && $minpw & (length($newpassword) < $minpw ) ); -if ( $newpassword ) { +if ( $newpassword && ! 
$errormsg ) { my $digest=md5_base64($input->param('newpassword')); my $uid = $input->param('newuserid'); my $dbh=C4::Context->dbh; - warn $destination; if (changepassword($uid,$member,$digest)) { - $template->param(newpassword => $newpassword); - if ($destination eq 'circ') { - print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber"); - } - else { - print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); - } - } - else { - $template->param(othernames => $bor->{'othernames'}, + $template->param(newpassword => $newpassword); + if ($destination eq 'circ') { + print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber"); + } else { + print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); + } + } else { + $errormsg = 'BADUSERID'; + $template->param(othernames => $bor->{'othernames'}, surname => $bor->{'surname'}, firstname => $bor->{'firstname'}, userid => $bor->{'userid'}, - defaultnewpassword => $newpassword ); + defaultnewpassword => $newpassword + ); } } else { my $userid = $bor->{'userid'}; @@ -100,6 +99,9 @@ if ( $newpassword ) { } -$template->param( member => $member); +$template->param( member => $member, + errormsg => $errormsg, + $errormsg => 1 , + minPasswordLength => $minpw ); output_html_with_http_headers $input, $cookie, $template->output; diff --git a/members/memberentry.pl b/members/memberentry.pl index 41c1554a76..555fd66967 100755 --- a/members/memberentry.pl +++ b/members/memberentry.pl @@ -73,7 +73,8 @@ my $default_city; my $check_categorytype=$input->param('check_categorytype'); # NOTE: Alert for ethnicity and ethnotes fields, they are unvalided in all borrowers form my $borrower_data; - +my $noUpdateLogin; +my $userenv = C4::Context->userenv; $template->param("uppercasesurnames" => C4::Context->preference('uppercasesurnames')); 
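Review bot: The minimum-length test `$minpw & (length($newpassword) < $minpw )` uses bitwise `&` where logical `&&` is meant, so it evaluates to `$minpw & 1` and a too-short password is rejected only when minPasswordLength is odd; with an even value the check never fires. It should read `$errormsg ||= 'SHORTPASSWORD' if ( $newpassword && $minpw && length($newpassword) < $minpw );`. The `||=` also keeps an earlier 'NOPERMISSION' from being overwritten, so the operator sees the refusal that actually applies. The context line `my $digest=md5_base64(...)` still stores an unsalted MD5 digest; that predates this commit, but a `# FIXME - unsalted MD5, replace with a salted password hash` comment next to it would record the gap.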
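Review bot: `$errormsg => 1` in the final `$template->param(...)` call of the @@ -100,6 +99,9 @@ hunk is evaluated on every request, including the ones where `$errormsg` was never set, so the parameter name is undef there. Under `use warnings` that logs an uninitialized-value warning for each successful request, and how the template engine treats an empty name is not visible from this hunk. Setting the flag separately, `$template->param( $errormsg => 1 ) if $errormsg;`, avoids it. A comment listing the three codes this script can produce (`NOPERMISSION`, `SHORTPASSWORD`, `BADUSERID`) would keep the script and member-password.tmpl in step.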
@@ -109,6 +110,10 @@ if ($op eq 'insert' || $op eq 'modify' || $op eq 'save') { $newdata{'dateenrolled'}=format_date_in_iso($newdata{'dateenrolled'}) if ($newdata{dateenrolled}); $newdata{'dateexpiry'}=format_date_in_iso($newdata{'dateexpiry'}) if ($newdata{dateexpiry}); $newdata{'dateofbirth'}=format_date_in_iso($newdata{'dateofbirth'}) if ($newdata{dateofbirth}); + # check permission to modify login info. + if ($borrower_data && ($borrower_data->{'category_type'} eq 'S') && (! C4::Auth::haspermission($dbh,$userenv->{'id'},{'staffaccess'=>1}))) { + $noUpdateLogin =1; + } } #############test for member being unique ############# @@ -165,11 +170,10 @@ if ($op eq 'save' || $op eq 'insert'){ $nok = 1; } } - + if (C4::Context->preference("IndependantBranches")) { - my $userenv = C4::Context->userenv; if ($userenv && $userenv->{flags} != 1){ - warn " $newdata{'branchcode'} : ".$userenv->{flags}.":".$userenv->{branch}; + #warn " $newdata{'branchcode'} : ".$userenv->{flags}.":".$userenv->{branch}; unless (!$newdata{'branchcode'} || $userenv->{branch} eq $newdata{'branchcode'}){ push @errors, "ERROR_branch"; $nok=1; @@ -195,7 +199,6 @@ if ($op eq 'modify' || $op eq 'insert'){ } } - if ($op eq 'insert'){ # Check if the userid is unique @@ -218,7 +221,11 @@ if ($op eq 'insert'){ if ($op eq 'save'){ # test to know if another user have the same password and same login unless ($nok){ - &ModMember(%newdata); + if($noUpdateLogin) { + delete $newdata{'password'}; + delete $newdata{'userid'}; + } + &ModMember(%newdata); if ($destination eq "circ") { print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$data{'cardnumber'}"); } @@ -453,7 +460,6 @@ if ($data{'dateenrolled'} eq ''){ my $today= sprintf('%04d-%02d-%02d', Today()); $data{'dateenrolled'}=$today; } - $data{'surname'}=uc($data{'surname'}) if C4::Context->preference('uppercasesurnames'); $data{'dateenrolled'}=format_date($data{'dateenrolled'}); $data{'dateexpiry'}=format_date($data{'dateexpiry'}); 
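Review bot: The login-protection test in the @@ -109,6 +110,10 @@ hunk recognises a staff account only by `$borrower_data->{'category_type'} eq 'S'`, while member-flags.pl and member-password.pl in this same patch also treat a patron with `$bor->{'authflags'}->{'catalogue'}` as staff. A patron who holds staff flags in a non-Staff category can therefore still have userid and password changed through memberentry.pl by a user without `staffaccess`. If `$borrower_data` carries the flags (it is populated outside the hunk), the condition should match the other two scripts, `($borrower_data->{'category_type'} eq 'S' || $borrower_data->{'authflags'}->{'catalogue'})`, ideally through one shared helper. The test also dereferences `$userenv->{'id'}` without the `$userenv &&` guard that the @@ -165,11 +170,10 @@ hunk uses. Because the condition requires `$borrower_data` and the `delete $newdata{'password'}` in the @@ -218,7 +221,11 @@ hunk sits only in the 'save' branch, the insert path appears not to be covered; that should be confirmed against the rest of the file.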
@@ -494,8 +500,9 @@ $template->param( CGIbranch => $CGIbranch, memberofinstution => $member_of_institution, CGIorganisations => $CGIorganisations, - + noUpdateLogin => $noUpdateLogin ); + output_html_with_http_headers $input, $cookie, $template->output; # Local Variables: diff --git a/members/moremember.pl b/members/moremember.pl index 2145d9b9bd..381f996dbe 100755 --- a/members/moremember.pl +++ b/members/moremember.pl @@ -51,6 +51,7 @@ my $dbh = C4::Context->dbh; my $input = new CGI; my $print = $input->param('print'); my @failedrenews = $input->param('failedrenew'); +my $error = $input->param('error'); my @renew_failed; for (@failedrenews) { $renew_failed[$_] = 1; } @@ -309,7 +310,8 @@ $template->param( totaldue => sprintf( "%.2f", $total ), issueloop => \@issuedata, unvalidlibrarian => $unvalidlibrarian, - + error => $error, + $error => 1, # reserveloop => \@reservedata, ); -- 2.39.5
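Review bot: `$error => 1` in the @@ -309,7 +310,8 @@ hunk of moremember.pl uses the raw `error` request parameter (read in the @@ -51,6 +51,7 @@ hunk) as a template variable name, so whoever builds the URL chooses which template variable is set to 1, and when the parameter is absent the key is undef. The value should be checked against the codes moremember.tmpl actually defines before it reaches the template. For example, declare `my %known_error = map { $_ => 1 } qw(ERROR_CODE_PLACEHOLDER);`, then `$error = undef unless defined $error && $known_error{$error};`, and pass `( $error ? ( error => $error, $error => 1 ) : () ),` in the param list. The real code names are not recoverable from this page, hence the placeholder.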