Bug 16497: (follow-up) GET operations require staff access

[srvgit] / opac / opac-memberentry.pl

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 4eeacf0..dbb6d99 100755 (executable)
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -30,6 +30,7 @@ use C4::Members::Attributes qw( GetBorrowerAttributes );
 use C4::Form::MessagingPreferences;
 use Koha::AuthUtils;
 use Koha::Patrons;
+use Koha::Patron::Consent;
 use Koha::Patron::Modification;
 use Koha::Patron::Modifications;
 use C4::Scrubber;
@@ -88,7 +89,7 @@ if ( defined $min ) {
 
 $template->param(
     action            => $action,
-    hidden            => GetHiddenFields( $mandatory, 'registration' ),
+    hidden            => GetHiddenFields( $mandatory, $action ),
     mandatory         => $mandatory,
     libraries         => \@libraries,
     OPACPatronDetails => C4::Context->preference('OPACPatronDetails'),
@@ -209,7 +210,9 @@ if ( $action eq 'create' ) {
 
             $borrower{categorycode}     ||= C4::Context->preference('PatronSelfRegistrationDefaultCategory');
             $borrower{password}         ||= Koha::AuthUtils::generate_password;
+            my $consent_dt = delete $borrower{gdpr_proc_consent};
             my $patron = Koha::Patron->new( \%borrower )->store;
+            Koha::Patron::Consent->new({ borrowernumber => $patron->borrowernumber, type => 'GDPR_PROCESSING', given_on => $consent_dt })->store if $consent_dt;
             if ( $patron ) {
                 C4::Members::Attributes::SetBorrowerAttributes( $patron->borrowernumber, $attributes );
                 if ( C4::Context->preference('EnhancedMessagingPreferences') ) {
@@ -313,7 +316,7 @@ elsif ( $action eq 'edit' ) {    #Display logged in borrower's data
     $template->param(
         borrower  => $borrower,
         guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(),
-        hidden => GetHiddenFields( $mandatory, 'modification' ),
+        hidden => GetHiddenFields( $mandatory, 'edit' ),
         csrf_token => Koha::Token->new->generate_csrf({
             session_id => scalar $cgi->cookie('CGISESSID'),
         }),
@@ -342,7 +345,7 @@ sub GetHiddenFields {
     my ( $mandatory, $action ) = @_;
     my %hidden_fields;
 
-    my $BorrowerUnwantedField = $action eq 'modification' ?
+    my $BorrowerUnwantedField = $action eq 'edit' || $action eq 'update' ?
       C4::Context->preference( "PatronSelfModificationBorrowerUnwantedField" ) :
       C4::Context->preference( "PatronSelfRegistrationBorrowerUnwantedField" );
 
@@ -366,6 +369,7 @@ sub GetMandatoryFields {
       C4::Context->preference("PatronSelfRegistrationBorrowerMandatoryField");
 
     my @fields = split( /\|/, $BorrowerMandatoryField );
+    push @fields, 'gdpr_proc_consent' if C4::Context->preference('GDPR_Policy');
 
     foreach (@fields) {
         $mandatory_fields{$_} = 1;
@@ -472,6 +476,9 @@ sub ParseCgiForBorrower {
         $borrower{'dateofbirth'} = undef;
     }
 
+    # Replace checkbox 'agreed' by datetime in gdpr_proc_consent
+    $borrower{gdpr_proc_consent} = dt_from_string if  $borrower{gdpr_proc_consent} && $borrower{gdpr_proc_consent} eq 'agreed';
+
     return %borrower;
 }