Bug 18403: Add new methods Koha::Patrons->search_limited and use it where needed
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 6 Apr 2017 15:42:03 +0000 (12:42 -0300)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 12 Feb 2018 18:41:39 +0000 (15:41 -0300)
Most of the time when we search for patrons we do not want to search all patrons,
but only those whose information the logged-in user is allowed to see.
This patch takes care of that by adding a new search_limited method to Koha::Patrons.
When called, this method only searches for patrons that the logged-in user is allowed
to see.

Test plan:
Patron autocomplete search should be limited

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Koha/Patrons.pm
circ/ysearch.pl
members/memberentry.pl
opac/opac-memberentry.pl

index fd2b997..54c805d 100644 (file)
@@ -41,6 +41,41 @@ Koha::Patron - Koha Patron Object class
 
 =cut
 
+=head3 search_limited
+
+my $patrons = Koha::Patrons->search_limit( $params, $attributes );
+
+Returns all the patrons the logged in user is allowed to see
+
+=cut
+
+sub search_limited {
+    my ( $self, $params, $attributes ) = @_;
+
+    my $userenv = C4::Context->userenv;
+    my @restricted_branchcodes;
+    my $logged_in_user = Koha::Patrons->find( $userenv->{number} );
+    if ( $logged_in_user and not
+        $logged_in_user->can(
+            { borrowers => 'view_borrower_infos_from_any_libraries' }
+        )
+      )
+    {
+        if ( my $library_groups = $logged_in_user->library->library_groups )
+        {
+            while ( my $library_group = $library_groups->next ) {
+                push @restricted_branchcodes,
+                  $library_group->parent->children->get_column('branchcode');
+            }
+        }
+        else {
+            push @restricted_branchcodes, $userenv->{branch};
+        }
+    }
+    $params->{'me.branchcode'} = { -in => \@restricted_branchcodes } if @restricted_branchcodes;
+    return $self->search( $params, $attributes );
+}
+
 =head3 search_housebound_choosers
 
 Returns all Patrons which are Housebound choosers.
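Review bot: The branch filter on the `$params->{'me.branchcode'}` line is applied only `if @restricted_branchcodes`, so any path that leaves the list empty runs an unrestricted search, even for a user who lacks `view_borrower_infos_from_any_libraries`. If `library_groups` returns an object even when the library belongs to no group (likely for a result set, though its definition is not in this hunk), the `while` loop pushes nothing and the `else` fallback to `$userenv->{branch}` is never reached. Adding `push @restricted_branchcodes, $userenv->{branch} unless @restricted_branchcodes;` as the last statement inside the outer `if` would keep the restricted case fail-closed. The search is likewise unrestricted when `C4::Context->userenv` is unset or `find` returns nothing, so a comment should state whether that is intended for non-interactive callers. The POD synopsis also names `search_limit` where the method is `search_limited`.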
index 37eaed4..7a75c80 100755 (executable)
@@ -67,7 +67,7 @@ foreach my $p (@parts) {
 
 push( @params, { branchcode => C4::Context->userenv->{branch} } ) if $limit_on_branch;
 
-my $borrowers_rs = Koha::Patrons->search(
+my $borrowers_rs = Koha::Patrons->search_limited(
     { -and => \@params },
     {
         # Get the first 10 results
index 27311e3..5f5c922 100755 (executable)
@@ -238,7 +238,7 @@ if ( ( $op eq 'insert' ) and !$nodouble ) {
         $conditions->{dateofbirth} = $newdata{dateofbirth} if $newdata{dateofbirth};
     }
     $nodouble = 1;
-    my $patrons = Koha::Patrons->search($conditions);
+    my $patrons = Koha::Patrons->search($conditions); # FIXME Should be search_limited?
     if ( $patrons->count > 0) {
         $nodouble = 0;
         $check_member = $patrons->next->borrowernumber;
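Review bot: The added `# FIXME Should be search_limited?` leaves the question open without stating the trade-off, and the same comment is added in the opac/opac-memberentry.pl hunk. A duplicate check or unique-email check has to consider every patron to be correct, so switching either call to `search_limited` would let duplicates in other libraries through. The real open question is whether `$check_member` reveals a patron the staff user may not view; its use is outside this hunk. A comment such as `# Deliberately unrestricted: duplicate detection must see every patron; FIXME check what is shown for matches outside the user's libraries` would record that. The enclosing `if` block starts and ends outside the hunk.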
index cf1abab..9d3bed8 100755 (executable)
@@ -390,7 +390,7 @@ sub CheckForInvalidFields {
         unless ( Email::Valid->address($borrower->{'email'}) ) {
             push(@invalidFields, "email");
         } elsif ( C4::Context->preference("PatronSelfRegistrationEmailMustBeUnique") ) {
-            my $patrons_with_same_email = Koha::Patrons->search(
+            my $patrons_with_same_email = Koha::Patrons->search( # FIXME Should be search_limited?
                 {
                     email => $borrower->{email},
                     (