projects / koha.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: f5894d4)
Bug 22724: Allow only users with correct permissions to 'Write off selected'
authorHayley Mapley <hayleymapley@catalyst.net.nz>
Wed, 8 May 2019 03:39:33 +0000 (15:39 +1200)
committerroot <root@f1ebe1bec408>
Thu, 30 May 2019 10:09:06 +0000 (10:09 +0000)
Due to the addition of a 'Write off selected' button in 18.11, users without
writeoff permissions could mistakenly view and action the 'Write off
selected' option for a patron in Accounting > Make a payment (Fines > Pay fines).
The attached patch corrects this error.

Test plan:
1) Make sure that a staff user has '(writeoff) Write off fines and fees'
permission disabled
2) Bring up a patron with an unpaid fee, go to Accounting -> Make a
payment
3) Note that 'Write off selected' button is displayed.
4) Select a fee, click 'Write off selected'. Note that staff member has
access to 'Write off an amount toward selected fines'
5) Apply the patch
6) Repeat steps 1-2, and note that the button is no longer displayed
7) Bonus points, as a staff user with writeoff permissions enabled check
that all four buttons (Pay amount, Pay selected, Write off all, Write
off selected) are displayed

Sponsored-by: Catalyst IT

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Liz Rea <wizzyrea@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt patch | blob | history

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
index 9d737bf..10796dd 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt
@@ -141,9 +141,9 @@
 </table>
 <fieldset class="action">
 <input type="submit" id="paycollect" name="paycollect"  value="Pay amount" class="submit" />
-[% IF CAN_user_updatecharges_writeoff %]<input type="submit" name="woall"  id="woall" value="Write off all" class="submit" />[% END %]
 <input type="submit" id="payselected" name="payselected"  value="Pay selected" class="submit" />
-<input type="submit" id="writeoff-selected" name="writeoff_selected"  value="Write off selected" class="submit" />
+[% IF CAN_user_updatecharges_writeoff %]<input type="submit" name="woall"  id="woall" value="Write off all" class="submit" />
+<input type="submit" id="writeoff-selected" name="writeoff_selected"  value="Write off selected" class="submit" />[% END %]
 <a class="cancel" href="/cgi-bin/koha/members/boraccount.pl?borrowernumber=[% patron.borrowernumber | html %]">Cancel</a>
 </fieldset>
 </form>
Mirror of git://git.koha-community.org/koha.git