Bug 20991: Do not lost patron's category when editing a patron

[koha.git] / members / members-update-do.pl

diff --git a/members/members-update-do.pl b/members/members-update-do.pl
index 613090b..2f64096 100755 (executable)
--- a/members/members-update-do.pl
+++ b/members/members-update-do.pl
@@ -27,23 +27,29 @@ use Koha::Patron::Modifications;
 
 my $query = new CGI;
 
+# FIXME Should be a checkauth call
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
     {
         template_name   => "about.tt",
         query           => $query,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { borrowers => 1 },
+        flagsrequired   => { borrowers => 'edit_borrowers' },
         debug           => 1,
     }
 );
 
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+
 my @params = $query->param;
 
 foreach my $param (@params) {
     if ( $param =~ "^modify_" ) {
         my (undef, $borrowernumber) = split( /_/, $param );
 
+        my $patron = Koha::Patrons->find($borrowernumber);
+        next unless $logged_in_user->can_see_patron_infos( $patron );
+
         my $action = $query->param($param);
 
         if ( $action eq 'approve' ) {