my $query = new CGI;
+# FIXME Should be a checkauth call
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{
template_name => "about.tt",
query => $query,
type => "intranet",
authnotrequired => 0,
- flagsrequired => { borrowers => 1 },
+ flagsrequired => { borrowers => 'edit_borrowers' },
debug => 1,
}
);
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+
my @params = $query->param;
foreach my $param (@params) {
if ( $param =~ "^modify_" ) {
my (undef, $borrowernumber) = split( /_/, $param );
+ my $patron = Koha::Patrons->find($borrowernumber);
+ next unless $logged_in_user->can_see_patron_infos( $patron );
+
my $action = $query->param($param);
if ( $action eq 'approve' ) {