From ac12ba03fbe79009983224ff0d0b73bc7da3fe47 Mon Sep 17 00:00:00 2001
From: Ryan Higgins <rch@liblime.com>
Date: Wed, 5 Dec 2007 12:43:47 -0600
Subject: [PATCH] Able to call haspermission w/o $dbh, and add error msg on
 deletemember.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
---
 C4/Auth.pm                                          |  1 +
 .../prog/en/modules/members/moremember.tmpl         |  3 +++
 members/deletemem.pl                                | 13 ++++++++-----
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index b4d7b96b83..82a895ca0f 100755
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1198,6 +1198,7 @@ Returns member's flags or 0 if a permission is not met.
 sub haspermission {
     my ( $dbh, $userid, $flagsrequired ) = @_;
 	my ($flags,$intflags);
+	$dbh=C4::Context->dbh unless($dbh);
 	if(ref($userid)) {
 		$intflags = $userid->{'flags'};  
 	} else {
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
index 9ee6ebe7b5..48be87ad37 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
@@ -29,6 +29,9 @@ Userid / Password update failed:
 Insufficient user permissions.
 Other fields updated.
 <!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="CANT_DELETE" -->
+Unable to delete member: insufficient privileges.
+<!-- /TMPL_IF -->
 </div>
 <!-- /TMPL_IF -->
 <div class="yui-g">
diff --git a/members/deletemem.pl b/members/deletemem.pl
index 0aa7e5cc31..e1f8a59e62 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -36,9 +36,6 @@ my $input = new CGI;
 
 my $flagsrequired;
 $flagsrequired->{borrowers}=1;
-if( $bor->{'category_type'} eq 'S' )  {
-    $flagsrequired->{'staffaccess'} = 1;
-}  
 my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired);
 
 
@@ -51,12 +48,18 @@ my ($countissues,$issues)=GetPendingIssues($member);
 
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
+
+my $userenv = C4::Context->userenv;
+if(C4::Auth::haspermission(undef,$userenv->{'id'},{'staffaccess'=>1})) {
+  print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+	exit 1;
+}
+
 if (C4::Context->preference("IndependantBranches")) {
-	my $userenv = C4::Context->userenv;
 	unless ($userenv->{flags} == 1){
 		unless ($userenv->{'branch'} eq $bor->{'branchcode'}){
 #			warn "user ".$userenv->{'branch'} ."borrower :". $bor->{'branchcode'};
-			print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
+			print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
 			exit 1;
 		}
 	}
-- 
2.39.5