Bug 25875: Move check for module_bit and code to the JOIN

If we limit the JOIN to rows with the correct subpermission we won't
duplicate the returned patrons

To test:
 1 - Give a patron full acquisitions permissions
 2 - Also give them several subpermissions on other areas
 3 - Go to Acquisitions
 4 - Edit a fund
 5 - Add a user to the fund
 6 - Search for user above
 7 - They return multiple times in results
 8 - Apply patch
 9 - Restart all the things
10 - Repeat search
11 - Patron appears once

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/C4/Utils/DataTables/Members.pm b/C4/Utils/DataTables/Members.pm
index 29efd0b..580a3ea 100644 (file)
--- a/C4/Utils/DataTables/Members.pm
+++ b/C4/Utils/DataTables/Members.pm
@@ -36,13 +36,15 @@ sub search {
         |, undef, $has_permission->{permission});
     }
 
+    my (@where, @conditions);
     # Get the iTotalRecords DataTable variable
     $iTotalQuery = "SELECT COUNT(borrowers.borrowernumber) FROM borrowers";
     if ( $has_permission ) {
-        $iTotalQuery .= ' LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+        $iTotalQuery .= ' LEFT JOIN user_permissions ON borrowers.borrowernumber=user_permissions.borrowernumber';
+        $iTotalQuery .= ' AND module_bit=? AND code=?';
+        push @conditions, $has_permission->{module_bit}, $has_permission->{subpermission};
     }
 
-    my (@where, @conditions);
     if ( @restricted_branchcodes ) {
         push @where, "borrowers.branchcode IN (" . join( ',', ('?') x @restricted_branchcodes ) . ")";
         push @conditions, @restricted_branchcodes;
@@ -89,11 +91,13 @@ sub search {
     my $from = "FROM borrowers
                 LEFT JOIN branches ON borrowers.branchcode = branches.branchcode
                 LEFT JOIN categories ON borrowers.categorycode = categories.categorycode";
+    my @where_args;
     if ( $has_permission ) {
         $from .= '
-                LEFT JOIN user_permissions on borrowers.borrowernumber=user_permissions.borrowernumber';
+                LEFT JOIN user_permissions ON borrowers.borrowernumber=user_permissions.borrowernumber
+                AND module_bit=? AND code=?';
+        push @where_args, $has_permission->{module_bit}, $has_permission->{subpermission};
     }
-    my @where_args;
     my @where_strs;
     if(defined $firstletter and $firstletter ne '') {
         push @where_strs, "borrowers.surname LIKE ?";