X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=members%2Fmember-flags.pl;h=900a176ad515ed154eb1faefd702f756c19a9964;hb=30f598cebef0f37b58b2daf592a608ff717391d0;hp=e7c24e9e0442ac2a8ec04d5b73d29ea9417fcc3a;hpb=9cad748de79f6b11026e3a112c2dd3dbc6c0cfc8;p=srvgit
diff --git a/members/member-flags.pl b/members/member-flags.pl
index e7c24e9e04..900a176ad5 100755
--- a/members/member-flags.pl
+++ b/members/member-flags.pl
@@ -4,50 +4,50 @@
 # Written by Steve Tonnesen
 # July 26, 2002 (my birthday!)
-use strict;
-use warnings;
+use Modern::Perl;
 use CGI qw ( -utf8 );
-use C4::Output;
-use C4::Auth qw(:DEFAULT :EditPermissions);
+use C4::Output qw( output_and_exit_if_error output_and_exit output_html_with_http_headers );
+use C4::Auth qw( get_template_and_user get_all_subpermissions get_user_subpermissions );
 use C4::Context;
-use C4::Members;
-use C4::Members::Attributes qw(GetBorrowerAttributes);
-#use C4::Acquisitions;
 use Koha::Patron::Categories;
 use Koha::Patrons;
-use C4::Output;
-use Koha::Patron::Images;
+use C4::Output qw( output_and_exit_if_error output_and_exit output_html_with_http_headers );
 use Koha::Token;
-my $input = new CGI;
+my $input = CGI->new;
 my $flagsrequired = { permissions => 1 };
 my $member=$input->param('member');
 my $patron = Koha::Patrons->find( $member );
+unless ( $patron ) {
+ print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$member");
+ exit;
+}
+
 my $category_type = $patron->category->category_type;
 my $bor = $patron->unblessed;
-if( $category_type eq 'S' ) {
+if( $category_type eq 'S' ) { # FIXME Is this really needed?
 $flagsrequired->{'staffaccess'} = 1;
 }
 my ($template, $loggedinuser, $cookie) = get_template_and_user({
 template_name => "members/member-flags.tt",
 query => $input,
 type => "intranet",
- authnotrequired => 0,
 flagsrequired => $flagsrequired,
- debug => 1,
 });
+my $logged_in_user = Koha::Patrons->find( $loggedinuser );
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
 my %member2;
 $member2{'borrowernumber'}=$member;
 if ($input->param('newflags')) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
 unless Koha::Token->new->check_csrf({
 session_id => scalar $input->cookie('CGISESSID'),
 token => scalar $input->param('csrf_token'),
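Review bot: The new `unless ( $patron )` redirect, together with the `$patron->category->category_type` and `$patron->unblessed` dereferences that follow it, runs before `get_template_and_user`, so an unauthenticated request can tell an existing borrowernumber from a missing one by the response it gets, and `$member` is interpolated into the Location header without encoding. Deferring that handling until after authentication closes the probe: `my $category_type = $patron ? $patron->category->category_type : '';` and `my $bor = $patron ? $patron->unblessed : {};`, then handle the missing patron right after `output_and_exit_if_error`, which is already passed `current_patron => $patron` (if it already reports an unknown patron for an undefined value the explicit redirect can go entirely; worth confirming). The identical `use C4::Output qw( … )` line is also added twice in this hunk; the second copy can be dropped.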
@@ -79,8 +79,13 @@ if ($input->param('newflags')) {
 }
 $sth = $dbh->prepare("UPDATE borrowers SET flags=? WHERE borrowernumber=?");
+ my $old_flags = $patron->flags // 0;
+ if( ( $old_flags == 1 || $module_flags == 1 ) &&
+ $old_flags != $module_flags ) {
+ die "Non-superlibrarian is changing superlibrarian privileges" if !C4::Context->IsSuperLibrarian && C4::Context->preference('ProtectSuperlibrarianPrivileges'); # Interface should not allow this, so we can just die here
+ }
 $sth->execute($module_flags, $member);
-
+
 # deal with subpermissions
 $sth = $dbh->prepare("DELETE FROM user_permissions WHERE borrowernumber = ?");
 $sth->execute($member);
@@ -98,7 +103,6 @@ if ($input->param('newflags')) {
 print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
 } else {
- my $flags = C4::Members::patronflags( $bor );
 my $accessflags;
 my $dbh = C4::Context->dbh();
 # FIXME This needs to be improved to avoid doing the same query
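Review bot: The new superlibrarian guard compares the whole `flags` integer with 1 (`$old_flags == 1 || $module_flags == 1`), so if `flags` is a bit mask, as the name `$module_flags` and the `flags=?` update suggest, a value that has the superlibrarian bit set together with other bits is not caught and the protected transition goes through. Testing the bit itself is the robust form and also collapses the two-line condition: `if ( ( $old_flags & 1 ) != ( $module_flags & 1 ) ) {`. The `die` departs from the `output_and_exit` style used elsewhere in this commit, which is acceptable for a server-side check the interface should never trigger, but the existing trailing comment would read better on its own line above the `die`. The enclosing `if ($input->param('newflags'))` block starts outside the hunk.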
@@ -170,53 +174,16 @@ if ($input->param('newflags')) {
 if ($#sub_perm_loop > -1) {
 $row{sub_perm_loop} = \@sub_perm_loop;
 }
+ next if ( ( $row{flag} eq 'cash_management' ) && !C4::Context->preference('UseCashRegisters') );
 push @loop, \%row;
 }
- if ( $category_type eq 'C') {
- my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
- $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
- $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1;
- }
-
-$template->param( adultborrower => 1 ) if ( $category_type =~ /^(A|I)$/ );
- $template->param( picture => 1 ) if $patron->image;
-
-if (C4::Context->preference('ExtendedPatronAttributes')) {
- my $attributes = GetBorrowerAttributes($bor->{'borrowernumber'});
- $template->param(
- ExtendedPatronAttributes => 1,
- extendedattributes => $attributes
- );
-}
-
 $template->param(
- borrowernumber => $bor->{'borrowernumber'},
- cardnumber => $bor->{'cardnumber'},
- surname => $bor->{'surname'},
- firstname => $bor->{'firstname'},
- othernames => $bor->{'othernames'},
- categorycode => $bor->{'categorycode'},
- category_type => $category_type,
- categoryname => $bor->{'description'},
- address => $bor->{address},
- address2 => $bor->{'address2'},
- streettype => $bor->{streettype},
- city => $bor->{'city'},
- state => $bor->{'state'},
- zipcode => $bor->{'zipcode'},
- country => $bor->{'country'},
- phone => $bor->{'phone'},
- phonepro => $bor->{'phonepro'},
- mobile => $bor->{'mobile'},
- email => $bor->{'email'},
- emailpro => $bor->{'emailpro'},
- branchcode => $bor->{'branchcode'},
+ patron => $patron,
 loop => \@loop,
- is_child => ( $category_type eq 'C' ),
- RoutingSerials => C4::Context->preference('RoutingSerials'),
 csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
+ disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibrarianPrivileges') ? !C4::Context->IsSuperLibrarian : 0,
 );
 output_html_with_http_headers $input, $cookie, $template->output;
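Review bot: The new `next if ( ( $row{flag} eq 'cash_management' ) && !C4::Context->preference('UseCashRegisters') )` only hides the flag from the form; the save branch (outside this hunk) still stores whatever flag bits are posted, so if the intent is that the permission cannot be granted while the preference is off, the same condition belongs where `$module_flags` is assembled. Within the display loop the `next` also comes after `@sub_perm_loop` has been built for the row, so that work is wasted; placing it at the top of the loop body (the loop starts outside the hunk) is cheaper and clearer. With the `GetBorrowerAttributes` and patron-category blocks removed here, `$bor` and `use Koha::Patron::Categories` appear to have no remaining consumer on this page; if that holds for the whole file they can be dropped as well.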