Bug 27811: Hide payment buttons if not enough permission

If the logged in librarian does not have the updatecharges >
remaining_permissions subpermission, we should hide the 2 "Make payment"
and "Pay all fines" button from the patron detail/circ page.

Test plan:
1 - Grant an account circulation/staffaccess permissions and any subpermissions in updatechagres but NOT 'remaining_permissions'
2 - Add some charges to a patron account
3 - Sign in with the account created in #1
4 - Bring up the patron you added charges to
=> The two buttons are not displayed

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/blocked-fines.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/blocked-fines.inc
index ccb5ed2..c9bb371 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/blocked-fines.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/blocked-fines.inc
@@ -7,7 +7,9 @@
         [% IF !Koha.Preference('AllowFineOverride') && NoIssuesCharge && fines > NoIssuesCharge %]
            <span class="circ-hlt">Checkouts are BLOCKED because fine balance is OVER THE LIMIT.</span>
         [% END %]
-        <a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% patron.borrowernumber | uri %]" class="btn btn-default btn-xs" >Make payment</a>
-        <a href="/cgi-bin/koha/members/paycollect.pl?borrowernumber=[% patron.borrowernumber | uri %]" class="btn btn-default btn-xs" >Pay all fines</a></li>
+        [% IF CAN_user_updatecharges_remaining_permissions %]
+            <a href="/cgi-bin/koha/members/pay.pl?borrowernumber=[% patron.borrowernumber | uri %]" class="btn btn-default btn-xs" >Make payment</a>
+            <a href="/cgi-bin/koha/members/paycollect.pl?borrowernumber=[% patron.borrowernumber | uri %]" class="btn btn-default btn-xs" >Pay all fines</a></li>
+        [% END %]
     </li>
 [% END %]