}
$sth = $dbh->prepare("UPDATE borrowers SET flags=? WHERE borrowernumber=?");
- if( !C4::Context->preference('ProtectSuperlibPrivs') || C4::Context->IsSuperLibrarian ) {
- $sth->execute($module_flags, $member);
- } else {
- my $old_flags = $patron->flags // 0;
- if( ( $old_flags == 1 || $module_flags == 1 ) &&
- $old_flags != $module_flags ) {
- die "Non-superlibrarian is changing superlibrarian privileges"; # Interface should not allow this, so we can just die here
- } else {
- $sth->execute($module_flags, $member);
- }
+ my $old_flags = $patron->flags // 0;
+ if( ( $old_flags == 1 || $module_flags == 1 ) &&
+ $old_flags != $module_flags ) {
+ die "Non-superlibrarian is changing superlibrarian privileges" if !C4::Context->IsSuperLibrarian && C4::Context->preference('ProtectSuperlibrarianPrivileges'); # Interface should not allow this, so we can just die here
}
-
+ $sth->execute($module_flags, $member);
+
# deal with subpermissions
$sth = $dbh->prepare("DELETE FROM user_permissions WHERE borrowernumber = ?");
$sth->execute($member);
loop => \@loop,
csrf_token =>
Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
- disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibPrivs') ? !C4::Context->IsSuperLibrarian : 0,
+ disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibrarianPrivileges') ? !C4::Context->IsSuperLibrarian : 0,
);
output_html_with_http_headers $input, $cookie, $template->output;