get_template_and_user returns $flags from checkauth for in-page perms.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 63b6ea5..cb7c338 100755 (executable)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -317,7 +317,7 @@ sub get_template_and_user {
                        OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"),
         );
     }
-    return ( $template, $borrowernumber, $cookie );
+    return ( $template, $borrowernumber, $cookie, $flags);
 }
 
 =item checkauth

diff --git a/members/member-password.pl b/members/member-password.pl
index 760860b..62adb79 100755 (executable)
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -19,7 +19,7 @@ my $input = new CGI;
 my $theme = $input->param('theme') || "default";
                        # only used if allowthemeoverride is set
 
-my ($template, $loggedinuser, $cookie)
+my ($template, $loggedinuser, $cookie, $staffflags)
     = get_template_and_user({template_name => "members/member-password.tmpl",
                             query => $input,
                             type => "intranet",
@@ -36,12 +36,11 @@ $flagsrequired->{borrowers}=1;
 my $member=$input->param('member');
 my $cardnumber = $input->param('cardnumber');
 my $destination = $input->param('destination');
-
 my $errormsg;
-my ($bor,$flags)=GetMemberDetails( $member,'');
-if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' || $bor->{'authflags'}->{'catalogue'}) ) {
-       my $luser = GetMemberDetails($loggedinuser);
-       $errormsg = 'NOPERMISSION' unless($luser->{'authflags'}->{'staffaccess'} );
+my ($bor)=GetMember($member);
+if(( $member ne $loggedinuser ) && ($bor->{'category_type'} eq 'S' ) ) {
+       $errormsg = 'NOPERMISSION' unless($staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );
+       # need superlibrarian for koha.xml fakeuser.
 }
 my $newpassword = $input->param('newpassword');
 my $minpw = C4::Context->preference('minPasswordLength');