From 721876785142fea84f02c7dbe4f325e2a605bd0f Mon Sep 17 00:00:00 2001
From: Nick Clemens
Date: Thu, 25 Jun 2020 10:38:26 +0000
Subject: [PATCH] Bug 25875: Move check for module_bit and code to the JOIN

If we limit the JOIN to rows with the correct subpermission we won't duplicate the returned patrons
To test:
1 - Give a patron full acquisitions permissions
2 - Also give them several subpermissions on other areas
3 - Go to Acquisitions
4 - Edit a fund
5 - Add a user to the fund
6 - Search for user above
7 - They return multiple times in results
8 - Apply patch
9 - Restart all the things
10 - Repeat search
11 - Patron appears once
Signed-off-by: Owen Leonard
Signed-off-by: Katrin Fischer
Signed-off-by: Jonathan Druart
---
 C4/Utils/DataTables/Members.pm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/C4/Utils/DataTables/Members.pm b/C4/Utils/DataTables/Members.pm
index 29efd0bd3c..580a3eab49 100644
--- a/C4/Utils/DataTables/Members.pm
+++ b/C4/Utils/DataTables/Members.pm
@@ -36,13 +36,15 @@ sub search {
 |, undef, $has_permission->{permission});
 }
+ my (@where, @conditions);
 # Get the iTotalRecords DataTable variable
 $iTotalQuery = "SELECT COUNT(borrowers.borrowernumber) FROM borrowers";
 if ( $has_permission ) {
- $iTotalQuery .= ' LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+ $iTotalQuery .= ' LEFT JOIN user_permissions ON borrowers.borrowernumber=user_permissions.borrowernumber';
+ $iTotalQuery .= ' AND module_bit=? AND code=?';
+ push @conditions, $has_permission->{module_bit}, $has_permission->{subpermission};
 }
- my (@where, @conditions);
 if ( @restricted_branchcodes ) {
 push @where, "borrowers.branchcode IN (" . join( ',', ('?') x @restricted_branchcodes ) . ")";
 push @conditions, @restricted_branchcodes;
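Review bot: The `module_bit` and `code` columns in the added `' AND module_bit=? AND code=?'` fragment are unqualified, here in `$iTotalQuery` and again in the `$from` join of the second hunk, where `branches` and `categories` are joined as well. The statement resolves only as long as none of the joined tables has a column of either name, so I would write `' AND user_permissions.module_bit=? AND user_permissions.code=?'` in both places. Moving `my (@where, @conditions);` above the join is what keeps the bind order aligned with the placeholders; a short comment such as `# JOIN placeholders come before any WHERE placeholders, so push these first` would protect that from a later reorder. `search` begins and ends outside this hunk.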
@@ -89,11 +91,13 @@ sub search {
 my $from = "FROM borrowers LEFT JOIN branches ON borrowers.branchcode = branches.branchcode LEFT JOIN categories ON borrowers.categorycode = categories.categorycode";
+ my @where_args;
 if ( $has_permission ) {
 $from .= '
- LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+ LEFT JOIN user_permissions ON borrowers.borrowernumber=user_permissions.borrowernumber
+ AND module_bit=? AND code=?';
+ push @where_args, $has_permission->{module_bit}, $has_permission->{subpermission};
 }
- my @where_args;
 my @where_strs;
 if(defined $firstletter and $firstletter ne '') {
 push @where_strs, "borrowers.surname LIKE ?";
-- 
2.39.5
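Review bot: If `$has_permission->{subpermission}` (or `module_bit`) is undefined, the new `AND module_bit=? AND code=?` binds NULL and the LEFT JOIN matches no `user_permissions` row, so the result then depends entirely on the WHERE conditions built later in `search`, outside this hunk. Because this query decides which patrons are listed as holding a permission, the expectation should be written down next to the push, for example `# both keys must be defined; an undef binds NULL and the join matches nothing`. The de-duplication also presumes at most one `user_permissions` row per borrower, module_bit and code, which the hunk does not show being enforced; worth confirming against the schema.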