X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=members%2Fmember-flags.pl;h=c527ff09f42637f226c3975e7461fb25133ef0f1;hb=0c45edcebb474009d8da64bd479b0f9de1872e15;hp=d54984adb9a5ddb587adfabcd8f2138a3aa3acfa;hpb=0c3c162f767f5587f5fad7375151f8efca3689b3;p=koha.git
diff --git a/members/member-flags.pl b/members/member-flags.pl
index d54984adb9..c527ff09f4 100755
--- a/members/member-flags.pl
+++ b/members/member-flags.pl
@@ -4,12 +4,9 @@
 # Written by Steve Tonnesen
 # July 26, 2002 (my birthday!)
 
-use strict;
-use warnings;
+use Modern::Perl;
 
 use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
 use C4::Output;
 use C4::Auth qw(:DEFAULT :EditPermissions);
 use C4::Context;
@@ -18,18 +15,25 @@ use C4::Members::Attributes qw(GetBorrowerAttributes);
 #use C4::Acquisitions;
 
 use Koha::Patron::Categories;
+use Koha::Patrons;
 use C4::Output;
-use Koha::Patron::Images;
 use Koha::Token;
 
 my $input = new CGI;
 my $flagsrequired = { permissions => 1 };
 
 my $member=$input->param('member');
-my $bor = GetMember( borrowernumber => $member );
-if( $bor->{'category_type'} eq 'S' ) {
-	$flagsrequired->{'staffaccess'} = 1;
+my $patron = Koha::Patrons->find( $member );
+unless ( $patron ) {
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$member");
+    exit;
+}
+
+my $category_type = $patron->category->category_type;
+my $bor = $patron->unblessed;
+if( $category_type eq 'S' ) { # FIXME Is this really needed?
+    $flagsrequired->{'staffaccess'} = 1;
 }
 
 my ($template, $loggedinuser, $cookie) = get_template_and_user({
     template_name => "members/member-flags.tt",
@@ -40,6 +44,8 @@ my ($template, $loggedinuser, $cookie) = get_template_and_user({
     debug => 1,
 });
 
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
 my %member2;
 $member2{'borrowernumber'}=$member;
 
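Review bot: In the new `unless ( $patron )` branch the unvalidated `member` query parameter is interpolated straight into the redirect URL, and because the lookup and the redirect run before `get_template_and_user`, a request that has not been authenticated yet already gets a different response for an existing than for a non-existing borrowernumber. A guard before the lookup, `die "Invalid borrowernumber" unless defined $member && $member =~ /\A\d+\z/;`, keeps arbitrary input out of the Location header. Since `$flagsrequired` is derived from the patron's category, the lookup itself has to precede `get_template_and_user`, but the not-found redirect could be deferred until after that call so that only an authenticated session learns whether the patron exists.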
@@ -48,8 +54,7 @@ if ($input->param('newflags')) {
 
     die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
-            id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+            session_id => scalar $input->cookie('CGISESSID'),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -79,8 +84,13 @@ if ($input->param('newflags')) {
     }
     $sth = $dbh->prepare("UPDATE borrowers SET flags=? WHERE borrowernumber=?");
+    my $old_flags = $patron->flags // 0;
+    if( ( $old_flags == 1 || $module_flags == 1 ) &&
+        $old_flags != $module_flags ) {
+        die "Non-superlibrarian is changing superlibrarian privileges" if !C4::Context->IsSuperLibrarian && C4::Context->preference('ProtectSuperlibrarianPrivileges'); # Interface should not allow this, so we can just die here
+    }
     $sth->execute($module_flags, $member);
-    
+
     # deal with subpermissions
     $sth = $dbh->prepare("DELETE FROM user_permissions WHERE borrowernumber = ?");
     $sth->execute($member);
 
@@ -98,7 +108,6 @@ if ($input->param('newflags')) {
     print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
 } else {
 
-    my $flags = C4::Members::patronflags( $bor );
     my $accessflags;
     my $dbh = C4::Context->dbh();
     # FIXME This needs to be improved to avoid doing the same query
@@ -117,14 +126,14 @@ if ($input->param('newflags')) {
     my @loop;
 
     while (my ($bit, $flag) = $sth->fetchrow) {
-	my $checked='';
-	if ($accessflags->{$flag}) {
-	    $checked= 1;
-	}
-
-	my %row = ( bit => $bit,
-		    flag => $flag,
-		    checked => $checked,
+        my $checked='';
+        if ($accessflags->{$flag}) {
+            $checked= 1;
+        }
+
+        my %row = ( bit => $bit,
+                    flag => $flag,
+                    checked => $checked,
                 );
 
         my @sub_perm_loop = ();
 
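Review bot: The guard `if( ( $old_flags == 1 || $module_flags == 1 ) && $old_flags != $module_flags )` compares the whole `flags` value with 1, yet `flags` is a bitmask in which the superlibrarian privilege is the value-1 bit, so a change that sets or clears that bit while other bits are also set is not caught and the `die` never fires. Testing the bit itself, `if ( ( $old_flags & 1 ) != ( $module_flags & 1 ) ) {`, covers every transition of the superlibrarian bit regardless of the other flags. Note that the preference `ProtectSuperlibrarianPrivileges` turns the whole check off, and `$module_flags` is computed earlier in the `if ($input->param('newflags'))` block, which starts outside this hunk.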
@@ -170,18 +179,14 @@ if ($input->param('newflags')) {
             if ($#sub_perm_loop > -1) {
                 $row{sub_perm_loop} = \@sub_perm_loop;
             }
-	push @loop, \%row;
+        push @loop, \%row;
     }
 
-    if ( $bor->{'category_type'} eq 'C') {
+    if ( $patron->is_child ) {
         my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
         $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
-        $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1;
+        $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
     }
-
-$template->param( adultborrower => 1 ) if ( $bor->{'category_type'} eq 'A' );
-    my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
-    $template->param( picture => 1 ) if $patron_image;
 
 if (C4::Context->preference('ExtendedPatronAttributes')) {
     my $attributes = GetBorrowerAttributes($bor->{'borrowernumber'});
 
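Review bot: Inside the `if ( $patron->is_child )` block, `$patron_categories->count` is evaluated in both postfix conditions and presumably issues a query each time; storing it once as `my $category_count = $patron_categories->count;` and testing `$category_count > 1` and `$category_count == 1` avoids the repeat and makes the two branches visibly exclusive. The enclosing `else` branch of `if ($input->param('newflags'))` starts and ends outside this hunk.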
@@ -192,37 +197,12 @@ if (C4::Context->preference('ExtendedPatronAttributes')) {
 }
 
 $template->param(
-    borrowernumber => $bor->{'borrowernumber'},
-    cardnumber => $bor->{'cardnumber'},
-    surname => $bor->{'surname'},
-    firstname => $bor->{'firstname'},
-    othernames => $bor->{'othernames'},
-    categorycode => $bor->{'categorycode'},
-    category_type => $bor->{'category_type'},
-    categoryname => $bor->{'description'},
-    address => $bor->{address},
-    address2 => $bor->{'address2'},
-    streettype => $bor->{streettype},
-    city => $bor->{'city'},
-    state => $bor->{'state'},
-    zipcode => $bor->{'zipcode'},
-    country => $bor->{'country'},
-    phone => $bor->{'phone'},
-    phonepro => $bor->{'phonepro'},
-    mobile => $bor->{'mobile'},
-    email => $bor->{'email'},
-    emailpro => $bor->{'emailpro'},
-    branchcode => $bor->{'branchcode'},
-    loop => \@loop,
-    is_child => ($bor->{'category_type'} eq 'C'),
-    activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
-    RoutingSerials => C4::Context->preference('RoutingSerials'),
-    csrf_token => Koha::Token->new->generate_csrf(
-        {   id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
-        }
-    ),
-    );
+    patron => $patron,
+    loop => \@loop,
+    csrf_token =>
+      Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
+    disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibrarianPrivileges') ? !C4::Context->IsSuperLibrarian : 0,
+);
 
 output_html_with_http_headers $input, $cookie, $template->output;
 
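Review bot: The template now receives only `patron`, `loop`, `csrf_token` and `disable_superlibrarian_privs`, so every key dropped here (`borrowernumber`, `cardnumber`, `is_child`, `activeBorrowerRelationship`, `RoutingSerials`, the address and contact fields) as well as `adultborrower` and `picture` removed in the previous hunk must have a matching change in members/member-flags.tt, which is not part of this diff; a reference left behind would most likely render as empty rather than fail. A short comment on `disable_superlibrarian_privs`, e.g. `# display hint only; the server-side check is in the newflags branch`, would make clear that the form state is not the enforcement point.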