my $branchcode = $params->{branchcode};
my $searchtype = $params->{searchtype} || 'contain';
my $searchfieldstype = $params->{searchfieldstype} || 'standard';
+ my $has_permission = $params->{has_permission};
my $dt_params = $params->{dt_params};
unless ( $searchmember ) {
my ($sth, $query, $iTotalQuery, $iTotalRecords, $iTotalDisplayRecords);
my $dbh = C4::Context->dbh;
+
+ # Get the module_bit from a given permission code
+ if ( $has_permission ) {
+ ($has_permission->{module_bit}) = $dbh->selectrow_array(q|
+ SELECT bit FROM userflags WHERE flag=?
+ |, undef, $has_permission->{permission});
+ }
+
# Get the iTotalRecords DataTable variable
- $query = $iTotalQuery = "SELECT COUNT(borrowers.borrowernumber) FROM borrowers";
+ $iTotalQuery = "SELECT COUNT(borrowers.borrowernumber) FROM borrowers";
+ if ( $has_permission ) {
+ $iTotalQuery .= ' LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+ }
+
+ my (@where, @conditions);
if ( @restricted_branchcodes ) {
- $iTotalQuery .= " WHERE borrowers.branchcode IN (" . join( ',', ('?') x @restricted_branchcodes ) . ")";
+ push @where, "borrowers.branchcode IN (" . join( ',', ('?') x @restricted_branchcodes ) . ")";
+ push @conditions, @restricted_branchcodes;
}
- ($iTotalRecords) = $dbh->selectrow_array( $iTotalQuery, undef, @restricted_branchcodes );
+ if ( $has_permission ) {
+ push @where, '( borrowers.flags = 1 OR borrowers.flags & (1 << ?) OR module_bit=? AND code=? )';
+ push @conditions, ($has_permission->{module_bit}) x 2, $has_permission->{subpermission};
+ }
+ $iTotalQuery .= ' WHERE ' . join ' AND ', @where if @where;
+ ($iTotalRecords) = $dbh->selectrow_array( $iTotalQuery, undef, @conditions );
# Do that after iTotalQuery!
if ( defined $branchcode and $branchcode ) {
my $select = "SELECT
borrowers.borrowernumber, borrowers.surname, borrowers.firstname,
+ borrowers.flags,
borrowers.streetnumber, borrowers.streettype, borrowers.address,
borrowers.address2, borrowers.city, borrowers.state, borrowers.zipcode,
borrowers.country, cardnumber, borrowers.dateexpiry,
categories.description AS category_description, categories.category_type,
branches.branchname, borrowers.phone";
my $from = "FROM borrowers
- LEFT JOIN branches ON borrowers.branchcode = branches.branchcode
- LEFT JOIN categories ON borrowers.categorycode = categories.categorycode";
+ LEFT JOIN branches ON borrowers.branchcode = branches.branchcode
+ LEFT JOIN categories ON borrowers.categorycode = categories.categorycode";
+ if ( $has_permission ) {
+ $from .= '
+ LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+ }
my @where_args;
my @where_strs;
if(defined $firstletter and $firstletter ne '') {
if @where_strs_or;
}
- my $where;
- $where = " WHERE " . join (" AND ", @where_strs) if @where_strs;
+ if ( $has_permission ) {
+ push @where_strs, '( borrowers.flags = 1 OR borrowers.flags & (1 << ?) OR module_bit=? AND code=? )';
+ push @where_args, ($has_permission->{module_bit}) x 2, $has_permission->{subpermission};
+ }
+
+ my $where = " WHERE " . join (" AND ", @where_strs) if @where_strs;
my $orderby = dt_build_orderby($dt_params);
my $limit;
} if $member;
}
+if ($has_permission) {
+ my ( $permission, $subpermission ) = split /\./, $has_permission;
+ $has_permission = {permission => $permission, subpermission => $subpermission};
+}
+
# Perform the patrons search
$results = C4::Utils::DataTables::Members::search(
{
searchtype => $searchtype,
searchfieldstype => $searchfieldstype,
dt_params => \%dt_params,
+ ( $has_permission ? ( has_permission => $has_permission ) : () ),
}
) unless $results;
-# It is not recommanded to use the has_permission param if you use the pagination
-# The filter is done AFTER requested the data
-if ($has_permission) {
- my ( $permission, $subpermission ) = split /\./, $has_permission;
- my @patrons_with_permission;
- for my $patron ( @{ $results->{patrons} } ) {
- push @patrons_with_permission, $patron
- if haspermission( $patron->{userid}, { $permission => $subpermission } );
- }
- $results->{patrons} = \@patrons_with_permission;
- $results->{iTotalDisplayRecords} = scalar( @patrons_with_permission );
-}
-
$template->param(
sEcho => $sEcho,
iTotalRecords => $results->{iTotalRecords},