-if ( $reregistration eq 'y' ) {
- # re-reregistration function to automatic calcul of date expiry
- $dateexpiry = ExtendMemberSubscriptionTo( $borrowernumber );
-} else {
- my $sth=$dbh->prepare("Update borrowers set debarred = ? where borrowernumber = ?");
- $sth->execute($status,$borrowernumber);
- $sth->finish;
- }
+my $logged_in_user = Koha::Patrons->find( { userid => $loggedinuserid } );
+my $patron = Koha::Patrons->find( $borrowernumber );
+
+# Ideally we should display a warning on the interface if the logged in user is
+# not allowed to modify this patron.
+# But a librarian is not supposed to hack the system
+if ( $logged_in_user->can_see_patron_infos($patron) ) {
+ if ( $reregistration eq 'y' ) {
+ # re-reregistration function to automatic calcul of date expiry
+ $dateexpiry = $patron->renew_account;
+ } else {
+ my $sth = $dbh->prepare("UPDATE borrowers SET debarred = ?, debarredcomment = '' WHERE borrowernumber = ?");
+ $sth->execute( $status, $borrowernumber );
+ $sth->finish;
+ }
+}