Bug 19935: Replace GetPendingIssues - summary-print

[koha.git] / members / setstatus.pl

diff --git a/members/setstatus.pl b/members/setstatus.pl
index d91c189..bb22f3d 100755 (executable)
--- a/members/setstatus.pl
+++ b/members/setstatus.pl
@@ -23,21 +23,20 @@
 # You should have received a copy of the GNU General Public License
 # along with Koha; if not, see <http://www.gnu.org/licenses>.
 
-use strict;
-use warnings;
+use Modern::Perl;
 
 use CGI qw ( -utf8 );
 use C4::Context;
 use C4::Members;
 use C4::Auth;
+use Koha::Patrons;
 
 
 my $input = new CGI;
 
-checkauth($input, 0, { borrowers => 1 }, 'intranet');
+my ( $loggedinuserid ) = checkauth($input, 0, { borrowers => 'edit_borrowers' }, 'intranet');
 
 my $destination = $input->param("destination") || '';
-my $cardnumber = $input->param("cardnumber");
 my $borrowernumber=$input->param('borrowernumber');
 my $status = $input->param('status');
 my $reregistration = $input->param('reregistration') || '';
@@ -45,25 +44,33 @@ my $reregistration = $input->param('reregistration') || '';
 my $dbh = C4::Context->dbh;
 my $dateexpiry;
 
-if ( $reregistration eq 'y' ) {
-       # re-reregistration function to automatic calcul of date expiry
-       $dateexpiry = ExtendMemberSubscriptionTo( $borrowernumber );
-} else {
-    my $sth = $dbh->prepare("UPDATE borrowers SET debarred = ?, debarredcomment = '' WHERE borrowernumber = ?");
-    $sth->execute( $status, $borrowernumber );
-       $sth->finish;
-       }
+my $logged_in_user = Koha::Patrons->find( { userid =>  $loggedinuserid } ) or die "Not logged in";
+my $patron         = Koha::Patrons->find( $borrowernumber );
+
+# Ideally we should display a warning on the interface if the logged in user is
+# not allowed to modify this patron.
+# But a librarian is not supposed to hack the system
+if ( $logged_in_user->can_see_patron_infos($patron) ) {
+    if ( $reregistration eq 'y' ) {
+        # re-reregistration function to automatic calcul of date expiry
+        $dateexpiry = $patron->renew_account;
+    } else {
+        my $sth = $dbh->prepare("UPDATE borrowers SET debarred = ?, debarredcomment = '' WHERE borrowernumber = ?");
+        $sth->execute( $status, $borrowernumber );
+        $sth->finish;
+    }
+}
 
 if($destination eq "circ"){
-       if($dateexpiry){
-        print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber&was_renewed=1");
-       } else {
-               print $input->redirect("/cgi-bin/koha/circ/circulation.pl?findborrower=$cardnumber");
-       }
+    if($dateexpiry){
+        print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber&was_renewed=1");
+    } else {
+        print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+    }
 } else {
-       if($dateexpiry){
+    if($dateexpiry){
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber&was_renewed=1");
-       } else {
+    } else {
         print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
-       }
+    }
 }