MT2582: Fix user deletion without permission
[koha.git] / members / deletemem.pl
index a1694f6..fa3cad3 100755 (executable)
@@ -49,16 +49,24 @@ my $countissues = scalar(@$issues);
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
 my $userenv = C4::Context->userenv;
+
+
 if ($bor->{category_type} eq "S") {
     unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
         exit 1;
     }
+} else {
+    unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+       print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+       exit 1;
+    }
 }
 
 if (C4::Context->preference("IndependantBranches")) {
     my $userenv = C4::Context->userenv;
-    if ($userenv->{flags} != 1 && $bor->{'branchcode'}){
+    if (($userenv->{flags} % 2 != 1) && $bor->{'branchcode'}){
         unless ($userenv->{branch} eq $bor->{'branchcode'}){
             print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
             exit;
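Review bot: The new `borrowers` check sits only in the `else` branch, so deleting a patron whose `category_type` is "S" is gated by `staffaccess` alone and never requires `borrowers`. Unless the page-level authentication earlier in deletemem.pl already demands `borrowers` (not visible in this hunk), hoist `unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) { ... }` with its `CANT_DELETE` redirect above `if ($bor->{category_type} eq "S")` and drop the `else`, so both permissions are required for staff records. The rewritten test `($userenv->{flags} % 2 != 1)` would benefit from a comment such as `# low bit of flags set => presumably superlibrarian, exempt from the branch restriction`, because the reason for the modulo is not evident from the line itself. The `IndependantBranches` block continues past the end of this hunk, so whether any later path reaches the delete without these checks cannot be confirmed from here.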