Bug 6824 - correctly check basket viewing permissions

Previously you couldn't view baskets that you hadn't created, unless you
were superlibrarian due to a bug. Now people with the right permissions
can see the baskets.

Applies to both 3.04.04 and master.

Signed-off-by: Brendan <info@bywatersolutions.com>
Signed-off-by: Melia Meggs <melia@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

diff --git a/acqui/basket.pl b/acqui/basket.pl
index dfc9447..70fb39c 100755 (executable)
--- a/acqui/basket.pl
+++ b/acqui/basket.pl
@@ -197,7 +197,7 @@ if ( $op eq 'delete_confirm' ) {
 #if the basket is closed,and the user has the permission to edit basketgroups, display a list of basketgroups
     my $basketgroups;
     my $member = GetMember(borrowernumber => $loggedinuser);
-    if ($basket->{closedate} && haspermission({ flagsrequired   => { acquisition => 'group_manage'} })) {
+    if ($basket->{closedate} && haspermission({ acquisition => 'group_manage'} )) {
         $basketgroups = GetBasketgroups($basket->{booksellerid});
         for my $bg ( @{$basketgroups} ) {
             if ($basket->{basketgroupid} && $basket->{basketgroupid} == $bg->{id}){

diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl
index cc5c084..fb6b2f1 100755 (executable)
--- a/acqui/booksellers.pl
+++ b/acqui/booksellers.pl
@@ -106,7 +106,7 @@ for my $vendor (@suppliers) {
         if ((      $basket->{authorisedby}
                 && $basket->{authorisedby} eq $loggedinuser
             )
-            || haspermission( $uid, { flagsrequired => { acquisition => q{*} } } )
+            || haspermission( $uid, { acquisition => q{*} } )
           ) {
             for my $date_field (qw( creationdate closedate)) {
                 if ( $basket->{$date_field} ) {