Bug 21939: Fix permissions for holds history tab

The tab will show when the staff user has edit_borrowers
permission, but the page itself will not be accessible.
This patch fixes the page permissions to allow access
with the edit_borrowers permission as suggested by the
comments on the original bug report.

To test:
- Create a staff user with only "edit_borrowers" permission
  from the borrowers module
- Try to access the holds history tab from any patron account
- Verify you are blocked
- Apply patch
- Try again and verify the page is accessible now
- Repeat with superlibrarian and full borrowers permission.

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/members/holdshistory.pl b/members/holdshistory.pl
index c17535b..d0d96e0 100755 (executable)
--- a/members/holdshistory.pl
+++ b/members/holdshistory.pl
@@ -34,7 +34,7 @@ my ($template, $loggedinuser, $cookie)= get_template_and_user({template_name =>
                 query => $input,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {borrowers => 1},
+                flagsrequired => {borrowers => 'edit_borrowers'},
                 debug => 1,
                 });