From: Matthias Meusburger
Date: Tue, 9 Feb 2010 08:40:49 +0000 (+0100)
Subject: MT2582: Fix user deletion without permission
X-Git-Tag: v3.00.06~65
X-Git-Url: http://git.rot13.org/?a=commitdiff_plain;h=29aa287c58df805e8608788e37d88f1b445a9f83;hp=899156b3ec4299a6b9d8409a084252e869aaedbe;p=koha.git

MT2582: Fix user deletion without permission
---
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 359e6978ad..71c77a3470 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -63,7 +63,7 @@ function update_child() {
 , disabled: true , disabled: true},
- { text: _("Delete"), disabled: true, onclick: { fn: confirm_deletion } },
+ { text: _("Delete"), disabled: true, disabled: true, onclick: { fn: confirm_deletion } },
 { text: _("Update Child to Adult Patron") , onclick: { fn: update_child }, disabled: true} ];
diff --git a/members/deletemem.pl b/members/deletemem.pl
index eea47b0500..fa3cad3cb4 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -49,11 +49,19 @@ my $countissues = scalar(@$issues);
 my ($bor)=GetMemberDetails($member,'');
 my $flags=$bor->{flags};
 my $userenv = C4::Context->userenv;
+
+
+
 if ($bor->{category_type} eq "S") {
 unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
 print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
 exit 1;
 }
+} else {
+ unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
+ print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
+ exit 1;
+ }
 }
 
 if (C4::Context->preference("IndependantBranches")) {
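Review bot: In members/deletemem.pl the new `borrowers` check sits in the `else` arm of the `category_type eq "S"` test, so for staff patrons only `staffaccess` is consulted and `borrowers` is never required. As far as the hunk shows, an account holding `staffaccess` without `borrowers` can therefore delete staff records while being refused on ordinary ones. Unless `staffaccess` is meant to imply `borrowers` (not visible here), check `borrowers` unconditionally and treat `staffaccess` as an additional requirement for category "S", as in the excerpt below. Both redirects also place `$member` into the URL unchanged; where it is assigned is outside the hunk, so if it comes straight from the request it should be checked to be numeric first. The script continues past the hunk's last line, where the `IndependantBranches` block opens.

```perl
my $userenv = C4::Context->userenv;

# Deleting any patron requires 'borrowers'; tested before the category
# check so that staff records are covered as well.
unless (C4::Auth::haspermission($userenv->{'id'}, {'borrowers'=>1})) {
    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
    exit 1;
}

# Staff records additionally require 'staffaccess'.
if ($bor->{category_type} eq "S"
    && !C4::Auth::haspermission($userenv->{'id'}, {'staffaccess'=>1})) {
    print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
    exit 1;
}
# … unchanged: IndependantBranches check …
```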