Bug 10258: offer to create basket group only when staff user has correct permission
If the staff user does not have the group_manage acquisition permission, do not offer to create a new basket group when closing an order basket.

This avoids a situation where if a staff member without that permission tries to close a basket and chooses the option to create a basket group, they would be redirected to the login page.

To test:

[1] Log in as a staff user that does not have the acquisition/group_manage permission.
[2] Create a new order basket, attach at least one order line to it, then close it.
[3] Verify that the confirmation page does not offer to create a basket group with the same name as the order basket.
[4] Log in as a staff user that has the acquisition/group_manage permission.
[5] Create and close an order basket.
[6] Verify that this time, the confirmation page *does* offer to create a basket group.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
parent
44364db8d5
commit
14a1bd0e42
1 changed files with 2 additions and 0 deletions
|
@ -462,10 +462,12 @@
|
|||
|
||||
<form action="/cgi-bin/koha/acqui/basket.pl" class="confirm">
|
||||
<h1>Are you sure you want to close basket [% basketname|html %]?</h1>
|
||||
[% IF ( CAN_user_acquisition_group_manage ) %]
|
||||
<p>
|
||||
<label for="createbasketgroup">Attach this basket to a new basket group with the same name</label>
|
||||
<input type="checkbox" id="createbasketgroup" name="createbasketgroup"/>
|
||||
</p>
|
||||
[% END %]
|
||||
<input type="hidden" id="basketno" value="[% basketno %]" name="basketno" />
|
||||
<input type="hidden" value="close" name="op" />
|
||||
<input type="hidden" name="booksellerid" value="[% booksellerid %]" />
|
||||
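Review bot: The `[% IF ( CAN_user_acquisition_group_manage ) %]` guard around the `createbasketgroup` checkbox only controls what the confirmation form renders, so the permission decision must not rest on it. The form still posts to `/cgi-bin/koha/acqui/basket.pl` with `op=close`, and a request can carry `createbasketgroup` whether or not the checkbox was shown. The commit message's description of a redirect to the login page suggests the handler already rejects this, but please confirm that the `op=close` path checks group_manage itself before creating a group, and ideally add a test step that submits the parameter as a user without the permission. Separately, and not introduced by this change: the hidden `basketno` and `booksellerid` values in the context lines are emitted without the `|html` filter that `basketname` gets in the heading. It would be worth filtering them for consistency.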