Bug 32976: Add permission check on Add/Edit controls for patron images

This adds a check on the batch_upload_patron_images permission
to the Add/Edit control for patron images in the patron account
in the staff interface.

To test:
* Enable patronimages system preference
* With your 'superlibrarian' account:
* Add and edit/remove a patron image to an account
* Create a staff user with batch_upload_patron_images permission
* Log in with this user and verify everything works the same
  as before
* Remove the batch_upload_patron_images permission
* Verify the Add/Edit controls are on longer visible to this
  patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
index be02b21..2e04c4e 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
@@ -36,14 +36,18 @@
         <div class="patronimage-container">
             [% IF ( patron.image ) %]
                 <img src="/cgi-bin/koha/members/patronimage.pl?borrowernumber=[% patron.borrowernumber | uri %]" class="patronimage" alt="[% patron.firstname | html %] [% patron.surname | html %] ([% patron.cardnumber | html %])" />
-                <div class="patronimage-controls">
-                    <div class="patronimage-control"><a data-borrowernumber="[% patron.borrowernumber | uri %]" data-cardnumber="[% patron.cardnumber | html %]" class="btn btn-default edit-patronimage" title="Patron photo" href="#"><i class="fa fa-pencil"></i> Edit</a></div>
-                </div>
+                [% IF ( CAN_user_tools_batch_upload_patron_images ) %]
+                    <div class="patronimage-controls">
+                        <div class="patronimage-control"><a data-borrowernumber="[% patron.borrowernumber | uri %]" data-cardnumber="[% patron.cardnumber | html %]" class="btn btn-default edit-patronimage" title="Patron photo" href="#"><i class="fa fa-pencil"></i> Edit</a></div>
+                    </div>
+                [% END %]
             [% ELSE %]
                 <div class="patronimage empty"></div>
-                <div class="patronimage-controls">
-                    <div class="patronimage-control"><a data-borrowernumber="[% patron.borrowernumber | uri %]" data-cardnumber="[% patron.cardnumber | html %]" class="btn btn-default edit-patronimage" title="Patron photo" href="#"><i class="fa fa-plus"></i> Add</a></div>
-                </div>
+                [% IF ( CAN_user_tools_batch_upload_patron_images ) %]
+                    <div class="patronimage-controls">
+                        <div class="patronimage-control"><a data-borrowernumber="[% patron.borrowernumber | uri %]" data-cardnumber="[% patron.cardnumber | html %]" class="btn btn-default edit-patronimage" title="Patron photo" href="#"><i class="fa fa-plus"></i> Add</a></div>
+                    </div>
+                [% END %]
             [% END %]
         </div>
     </div>