Bug 21192: Do not pick SelfRegistration hidden fields for SelfModification

There was a mix up between "modification" and "edit" for $action in
opac-memberentry.pl.

If a patron is logged into the OPAC and they attempt to submit changes to their
personal details without having actually changed anything, the page reloads with
a message stating 'No changes were made.' However, the fields that now appear
are those that have been allowed/hidden according to the preferences set for
patron self registration, even if patron self registration is disabled. This can
lead to problems if there are discrepancies between the fields allowed for self
register settings and those allowed for patron self modification settings.

To replicate:

1.) In Administration › System preferences > OPAC, set PatronSelfRegistration to
'don't allow'

2.) Modify the unwanted fields for PatronSelfModificationBorrowerUnwantedField
and PatronSelfRegistrationBorrowerUnwantedField so that at least one field is
different between the two settings and save (for example, specify 'mobile' to be
hidden in the former, but don't include in the list of fields to be hidden in
the latter).

3.) Log into the OPAC and navigate to the 'your personal details' tab. Notice
that the editable fields correspond to those not hidden by
PatronSelfModificationBorrowerUnwantedField

4.) Without making any changes, click on 'Submit update request'.

5.) Note that on this page the fields correspond to those not hidden by
PatronSelfRegistrationBorrowerUnwantedField and are now editable (including any
fields that would otherwise be hidden by the Self Modification settings).

Reported-By: Chris Slone <cslone@camdencountylibrary.org>
Signed-off-by: Devinim <kohadevinim@devinim.com.tr>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e0b1f945f9cdb4efd8b4403855cdc995023dc8be)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 63ebdb815987f0072587b7e3df5dc54cada1accd)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 70e95a7dc6fd2b45dbebfc3427b9101414c6546d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 12eebbb..8188fc5 100755 (executable)
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -88,7 +88,7 @@ if ( defined $min ) {
 
 $template->param(
     action            => $action,
-    hidden            => GetHiddenFields( $mandatory, 'registration' ),
+    hidden            => GetHiddenFields( $mandatory, $action ),
     mandatory         => $mandatory,
     libraries         => \@libraries,
     OPACPatronDetails => C4::Context->preference('OPACPatronDetails'),
@@ -306,7 +306,7 @@ elsif ( $action eq 'edit' ) {    #Display logged in borrower's data
     $template->param(
         borrower  => $borrower,
         guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(),
-        hidden => GetHiddenFields( $mandatory, 'modification' ),
+        hidden => GetHiddenFields( $mandatory, 'edit' ),
         csrf_token => Koha::Token->new->generate_csrf({
             session_id => scalar $cgi->cookie('CGISESSID'),
         }),
@@ -335,7 +335,7 @@ sub GetHiddenFields {
     my ( $mandatory, $action ) = @_;
     my %hidden_fields;
 
-    my $BorrowerUnwantedField = $action eq 'modification' ?
+    my $BorrowerUnwantedField = $action eq 'edit' || $action eq 'update' ?
       C4::Context->preference( "PatronSelfModificationBorrowerUnwantedField" ) :
       C4::Context->preference( "PatronSelfRegistrationBorrowerUnwantedField" );