Able to call haspermission w/o $dbh, and add error msg on deletemember.

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index b4d7b96..82a895c 100755 (executable)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1198,6 +1198,7 @@ Returns member's flags or 0 if a permission is not met.
 sub haspermission {
     my ( $dbh, $userid, $flagsrequired ) = @_;
        my ($flags,$intflags);
+       $dbh=C4::Context->dbh unless($dbh);
        if(ref($userid)) {
                $intflags = $userid->{'flags'};  
        } else {

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
index 9ee6ebe..48be87a 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tmpl
@@ -29,6 +29,9 @@ Userid / Password update failed:
 Insufficient user permissions.
 Other fields updated.
 <!-- /TMPL_IF -->
+<!-- TMPL_IF NAME="CANT_DELETE" -->
+Unable to delete member: insufficient privileges.
+<!-- /TMPL_IF -->
 </div>
 <!-- /TMPL_IF -->
 <div class="yui-g">

diff --git a/members/deletemem.pl b/members/deletemem.pl
index 0aa7e5c..e1f8a59 100755 (executable)
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -36,9 +36,6 @@ my $input = new CGI;
 
 my $flagsrequired;
 $flagsrequired->{borrowers}=1;
-if( $bor->{'category_type'} eq 'S' )  {
-    $flagsrequired->{'staffaccess'} = 1;
-}  
 my ($loggedinuser, $cookie, $sessionID) = checkauth($input, 0, $flagsrequired);
 
 
@@ -51,12 +48,18 @@ my ($countissues,$issues)=GetPendingIssues($member);
 
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
+
+my $userenv = C4::Context->userenv;
+if(C4::Auth::haspermission(undef,$userenv->{'id'},{'staffaccess'=>1})) {
+  print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+       exit 1;
+}
+
 if (C4::Context->preference("IndependantBranches")) {
-       my $userenv = C4::Context->userenv;
        unless ($userenv->{flags} == 1){
                unless ($userenv->{'branch'} eq $bor->{'branchcode'}){
 #                      warn "user ".$userenv->{'branch'} ."borrower :". $bor->{'branchcode'};
-                       print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member");
+                       print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
                        exit 1;
                }
        }