[Patches] [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role

[koha-patchbot at kohaaloha.com]

From: Owen Leonard <oleonard at myacpl.org>
Date: Mon, 28 Mar 2011 14:08:00 -0400
Subject: [PATCH] Fix for Bug 5974 - Bogus auth check for "StaffMember" role

Also removing some YAHOO.widget.Button declarations which
are redundant.

Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
---
 .../prog/en/includes/circ-toolbar.inc              |   30 +++----------------
 .../prog/en/includes/members-toolbar.inc           |    8 +----
 2 files changed, 7 insertions(+), 31 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
index 503f954..972393d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-toolbar.inc
@@ -63,13 +63,9 @@ function update_child() {
 	
 		var moremenu = [
 			{ text: _("Renew Patron"),  onclick: { fn: confirm_reregistration } },
-            { text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"
-                [% IF ( CAN_user_permissions ) %][% IF ( StaffMember ) %]
-                    [% UNLESS ( CAN_user_staffaccess ) %], disabled: true[% END %]
-                    [% ELSE %][% END %]
-                [% ELSE %], disabled: true[% END %]},
-            { text: _("Delete"), [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]disabled: true, [% END %][% ELSE %][% UNLESS ( CAN_user_borrowers ) %]disabled: true, [% END %][% END %] onclick: { fn: confirm_deletion } },
-			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS ( is_child ) %], disabled: true[% END %]}
+			{ text: _("Set Permissions"), url: "/cgi-bin/koha/members/member-flags.pl?member=[% borrowernumber %]"[% UNLESS CAN_user_permissions %], disabled: true[% END %]},
+            { text: _("Delete"), [% UNLESS CAN_user_borrowers %]disabled: true, [% END %] onclick: { fn: confirm_deletion } },
+			{ text: _("Update Child to Adult Patron") , onclick: { fn: update_child }[% UNLESS is_child" %], disabled: true[% END %]}
 		];
 
 	    new YAHOO.widget.Button({
@@ -97,23 +93,9 @@ function update_child() {
 	    [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-        [% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] new YAHOO.widget.Button("changepassword");  [% END %]
-            [% ELSE %] new YAHOO.widget.Button("changepassword"); [% END %]
-	    new YAHOO.widget.Button("duplicate");
+        [% IF CAN_user_staffaccess %] new YAHOO.widget.Button("changepassword");  [% END %]
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-        [% IF ( CAN_user_permissions ) %]
-          [% IF ( StaffMember ) %]
-            [% IF ( CAN_user_staffaccess ) %]
-              new YAHOO.widget.Button("patronflags");
-            [% END %]
-          [% ELSE %]
-          new YAHOO.widget.Button("patronflags");
-          [% END %]
-        [% END %]
-        [% IF ( StaffMember ) %][% UNLESS ( CAN_user_staffaccess ) %]new YAHOO.widget.Button("deletepatron");[% END %]
-            [% ELSE %]new YAHOO.widget.Button("deletepatron");[% END %]
 	}
 
 	//]]>
@@ -136,9 +118,7 @@ function update_child() {
 	[% END %]
 	[% IF ( CAN_user_borrowers ) %]
 	[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=[% borrowernumber %]&category_type=C">Add child</a></li>[% END %]
-[% IF ( StaffMember ) %][% IF ( CAN_user_staffaccess ) %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
-          [% ELSE %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]	
-	  [% END %]
+	[% CAN_user_staffaccess %] <li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>[% END %]
 	<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&borrowernumber=[% borrowernumber %]&category_type=[% category_type %]">Duplicate</a></li>
 	<li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&print=slip">Print Slip</a></li>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
index afad863..bc3e920 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/members-toolbar.inc
@@ -91,14 +91,10 @@ function update_child() {
 	    [% IF ( adultborrower ) %]new YAHOO.widget.Button("addchild");[% END %]
 	    new YAHOO.widget.Button("editpatron");
 	    new YAHOO.widget.Button("addnote");
-	    new YAHOO.widget.Button("changepassword");
+            [% IF CAN_user_staffaccess %]new YAHOO.widget.Button("changepassword");  [% END %]
 	    new YAHOO.widget.Button("duplicate");
 	    new YAHOO.widget.Button("printslip");
 		new YAHOO.widget.Button("printpage");
-	    new YAHOO.widget.Button("renewpatron");
-		new YAHOO.widget.Button("patronflags");
-		new YAHOO.widget.Button("deletepatron");
-		new YAHOO.widget.Button("updatechild");
 	}
 
 	//]]>
@@ -119,7 +115,7 @@ function update_child() {
             [% END %]
         [% END %]
 	[% IF ( adultborrower ) %]<li><a id="addchild" href="/cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=[% borrowernumber %]&category_type=C">Add child</a></li>[% END %]
-	<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li>
+	[% IF CAN_user_staffaccess %]<li><a id="changepassword" href="/cgi-bin/koha/members/member-password.pl?member=[% borrowernumber %]">Change Password</a></li> [% END %]
 	<li><a id="duplicate" href="/cgi-bin/koha/members/memberentry.pl?op=duplicate&borrowernumber=[% borrowernumber %]&category_type=[% category_type %]">Duplicate</a></li>
     <li id="printmenuc"><a id="printpage" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&print=page">Print Page</a></li>
 	<li><a id="printslip" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% borrowernumber %]&print=slip">Print Slip</a></li>
-- 
1.7.5.4