Bug 22724: Allow only users with correct permissions to 'Write off selected'

Due to the addition of a 'Write off selected' button in 18.11, users without
writeoff permissions could mistakenly view and action the 'Write off
selected' option for a patron in Accounting > Make a payment (Fines > Pay fines).
The attached patch corrects this error.

Test plan:
1) Make sure that a staff user has '(writeoff) Write off fines and fees'
permission disabled
2) Bring up a patron with an unpaid fee, go to Accounting -> Make a
payment
3) Note that 'Write off selected' button is displayed.
4) Select a fee, click 'Write off selected'. Note that staff member has
access to 'Write off an amount toward selected fines'
5) Apply the patch
6) Repeat steps 1-2, and note that the button is no longer displayed
7) Bonus points, as a staff user with writeoff permissions enabled check
that all four buttons (Pay amount, Pay selected, Write off all, Write
off selected) are displayed

Sponsored-by: Catalyst IT

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit d36566d6eaa9dd02528bbd1219747ccfd4e6b531)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
index 6d8c942..9f29f87 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
@@ -130,9 +130,9 @@
 </table>
 <fieldset class="action">
 <input type="submit" id="paycollect" name="paycollect"  value="Pay amount" class="submit" />
-[% IF CAN_user_updatecharges_writeoff %]<input type="submit" name="woall"  id="woall" value="Write off all" class="submit" />[% END %]
 <input type="submit" id="payselected" name="payselected"  value="Pay selected" class="submit" />
-<input type="submit" id="writeoff-selected" name="writeoff_selected"  value="Write off selected" class="submit" />
+[% IF CAN_user_updatecharges_writeoff %]<input type="submit" name="woall"  id="woall" value="Write off all" class="submit" />
+<input type="submit" id="writeoff-selected" name="writeoff_selected"  value="Write off selected" class="submit" />[% END %]
 <a class="cancel" href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% patron.borrowernumber | html %]">Cancel</a>
 </fieldset>
 </form>