From ac12ba03fbe79009983224ff0d0b73bc7da3fe47 Mon Sep 17 00:00:00 2001 From: Ryan Higgins Date: Wed, 5 Dec 2007 12:43:47 -0600 Subject: [PATCH] Able to call haspermission w/o $dbh, and add error msg on deletemember. Signed-off-by: Chris Cormack Signed-off-by: Joshua Ferraro --- C4/Auth.pm | 1 + .../prog/en/modules/members/moremember.tmpl | 3 +++ members/deletemem.pl | 13 ++++++++----- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index b4d7b96b83..82a895ca0f 100755 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1198,6 +1198,7 @@ Returns member's flags or 0 if a permission is not met. sub haspermission { my ( $dbh, $userid, $flagsrequired ) = @_; my ($flags,$intflags); + $dbh=C4::Context->dbh unless($dbh); if(ref($userid)) { $intflags = $userid->{'flags'}; } else { diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl index 9ee6ebe7b5..48be87ad37 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl @@ -29,6 +29,9 @@ Userid / Password update failed: Insufficient user permissions. Other fields updated. + +Unable to delete member: insufficient privileges. +
diff --git a/members/deletemem.pl b/members/deletemem.pl index 0aa7e5cc31..e1f8a59e62 100755 --- a/members/deletemem.pl +++ b/members/deletemem.pl @@ -36,9 +36,6 @@ my $input = new CGI; my $flagsrequired; $flagsrequired->{borrowers}=1; -if( $bor->{'category_type'} eq 'S' ) { - $flagsrequired->{'staffaccess'} = 1; -} my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired); @@ -51,12 +48,18 @@ my ($countissues,$issues)=GetPendingIssues($member); my ($bor)=GetMemberDetails($member,''); my $flags=$bor->{flags}; + +my $userenv = C4::Context->userenv; +if(C4::Auth::haspermission(undef,$userenv->{'id'},{'staffaccess'=>1})) { + print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE"); + exit 1; +} + if (C4::Context->preference("IndependantBranches")) { - my $userenv = C4::Context->userenv; unless ($userenv->{flags} == 1){ unless ($userenv->{'branch'} eq $bor->{'branchcode'}){ # warn "user ".$userenv->{'branch'} ."borrower :". $bor->{'branchcode'}; - print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member"); + print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE"); exit 1; } } -- 2.39.5