From 7809a6bd132e6bd2c98d69179fc2c2f0788decb0 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 6 Apr 2017 12:42:03 -0300
Subject: [PATCH] Bug 18403: Add new methods Koha::Patrons->search_limited and use it where needed Most of the time when we search for patrons we do not want to search for all patrons, but just the ones the logged in user is allowed to see the information. This patch takes care of that by adding a new search_limited method to Koha::Patrons. When called this method only search for patrons that the logged in user is allowed to see. Test plan: Patron autocomplete search should be limited
Signed-off-by:
Signed-off-by: Jon McGowan
Signed-off-by: Jonathan Druart
---
Koha/Patrons.pm | 35 +++++++++++++++++++++++++++++++++++
circ/ysearch.pl | 2 +-
members/memberentry.pl | 2 +-
opac/opac-memberentry.pl | 2 +-
4 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/Koha/Patrons.pm b/Koha/Patrons.pm
index fd2b997583..54c805da58 100644
--- a/Koha/Patrons.pm
+++ b/Koha/Patrons.pm
@@ -41,6 +41,41 @@ Koha::Patron - Koha Patron Object class =cut +=head3 search_limited + +my $patrons = Koha::Patrons->search_limit( $params, $attributes ); + +Returns all the patrons the logged in user is allowed to see + +=cut + +sub search_limited { + my ( $self, $params, $attributes ) = @_; + + my $userenv = C4::Context->userenv; + my @restricted_branchcodes; + my $logged_in_user = Koha::Patrons->find( $userenv->{number} ); + if ( $logged_in_user and not + $logged_in_user->can( + { borrowers => 'view_borrower_infos_from_any_libraries' } + ) + ) + { + if ( my $library_groups = $logged_in_user->library->library_groups ) + { + while ( my $library_group = $library_groups->next ) { + push @restricted_branchcodes, + $library_group->parent->children->get_column('branchcode'); + } + } + else { + push @restricted_branchcodes, $userenv->{branch}; + } + } + $params->{'me.branchcode'} = { -in => \@restricted_branchcodes } if @restricted_branchcodes; + return $self->search( $params, $attributes ); +} + =head3 search_housebound_choosers Returns all Patrons which are Housebound choosers. diff --git a/circ/ysearch.pl b/circ/ysearch.pl index 37eaed4259..7a75c8087c 100755 --- a/circ/ysearch.pl +++ b/circ/ysearch.pl @@ -67,7 +67,7 @@ foreach my $p (@parts) { push( @params, { branchcode => C4::Context->userenv->{branch} } ) if $limit_on_branch; -my $borrowers_rs = Koha::Patrons->search( +my $borrowers_rs = Koha::Patrons->search_limited( { -and => \@params }, { # Get the first 10 results diff --git a/members/memberentry.pl b/members/memberentry.pl index 27311e31d8..5f5c922ffa 100755 --- a/members/memberentry.pl +++ b/members/memberentry.pl 
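Review bot: The filter in `search_limited` (Koha/Patrons.pm hunk) fails open: `$params->{'me.branchcode'}` is only set `if @restricted_branchcodes`, so a user without `view_borrower_infos_from_any_libraries` whose group walk pushes nothing gets an unrestricted search. That can happen if `library_groups` returns an empty but true object (not visible here, so worth confirming), because then the `else` fallback to `$userenv->{branch}` is never reached. Adding `push @restricted_branchcodes, $userenv->{branch} unless @restricted_branchcodes;` as the last statement of the permission block would keep such a user limited to their own library. The same unrestricted result occurs when `C4::Context->userenv` is unset or `find` returns nothing, which should be a documented decision rather than an accident. The POD synopsis also calls `search_limit`, which should read `search_limited`.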
@@ -238,7 +238,7 @@ if ( ( $op eq 'insert' ) and !$nodouble ) { $conditions->{dateofbirth} = $newdata{dateofbirth} if $newdata{dateofbirth}; } $nodouble = 1; - my $patrons = Koha::Patrons->search($conditions); + my $patrons = Koha::Patrons->search($conditions); # FIXME Should be search_limited? if ( $patrons->count > 0) { $nodouble = 0; $check_member = $patrons->next->borrowernumber; diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index cf1ababcfc..9d3bed837e 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -390,7 +390,7 @@ sub CheckForInvalidFields { unless ( Email::Valid->address($borrower->{'email'}) ) { push(@invalidFields, "email"); } elsif ( C4::Context->preference("PatronSelfRegistrationEmailMustBeUnique") ) { - my $patrons_with_same_email = Koha::Patrons->search( + my $patrons_with_same_email = Koha::Patrons->search( # FIXME Should be search_limited? { email => $borrower->{email}, ( -- 2.39.5
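Review bot: The two `# FIXME Should be search_limited?` comments (here in members/memberentry.pl and again in opac/opac-memberentry.pl) leave an access-control question open in the code, and the answer looks like "no" for both. A duplicate-patron check and the `PatronSelfRegistrationEmailMustBeUnique` check only work if they see every patron, so limiting them to the viewer's libraries would presumably let duplicates through. What deserves attention instead is what is disclosed afterwards: `$check_member = $patrons->next->borrowernumber` hands back a record the staff user may not be allowed to view, though how it is used lies outside the hunk. I would replace the FIXMEs with a statement of intent such as `# Deliberately unrestricted: duplicates must be detected across all libraries`.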