Bug 15520: Add permission to restrict circ rules editing to own library

Test plan:

1) Ensure that you have four users:
 a) A superlibrarian
 b) A user with all `parameters` permissions (the toplevel `parameters`
    box is checked).
 c) A user with the `manage_circ_rules` permission (and, of course,
    `catalogue`).
 d) A user with the `manage_circ_rules`, `manage_circ_rules_restricted`
    and `catalogue` permissions.
2) As all four users, load the "Circulation and fine rules"
   administration page (admin/smart-rules.pl).
3) The page should be unchanged for the first three users. It should be
   possible to view and edit the circ rules for all libraries.
4) The last (restricted) user should only be able to view and edit the
   circ rules for their own library.

Amended by JD: In a second version of this patch
manage_circ_rules_restricted has been replaced by
manage_circ_rules_from_any_libraries and 'no_inherit' related code has
been removed

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

admin/smart-rules.pl

@@ -35,6 +35,7 @@ use Koha::Libraries;
 use Koha::CirculationRules;
 use Koha::Patron::Categories;
 use Koha::Caches;
+use Koha::Patrons;
 
 my $input = CGI->new;
 my $dbh = C4::Context->dbh;
@@ -61,6 +62,12 @@ unless ( $branch ) {
         $branch = C4::Context::only_my_library() ? ( C4::Context::mybranch() || '*' ) : '*';
     }
 }
+
+my $uid = Koha::Patrons->find( $loggedinuser )->userid;
+my $restricted_to_own_library = $uid && haspermission( $uid, { parameters => 'manage_circ_rules_restricted' }, { no_inherit => 1 } );
+$template->param( restricted_to_own_library => $restricted_to_own_library );
+$branch = C4::Context::mybranch() if $restricted_to_own_library;
+
 $branch = '*' if $branch eq 'NO_LIBRARY_SET';
 
 my $op = $input->param('op') || q{};

installer/data/mysql/atomicupdate/bug_15520-add_manage_circ_rules_restricted.sql

@@ -0,0 +1 @@
+INSERT IGNORE INTO `permissions` (module_bit, code, description) VALUES(3, 'manage_circ_rules_restricted', 'Only manage circ rules for own library');

installer/data/mysql/userpermissions.sql

@@ -7,6 +7,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES
    ( 1, 'manage_checkout_notes', 'Mark checkout notes as seen/not seen'),
    ( 3, 'parameters_remaining_permissions', 'Remaining system parameters permissions'),
    ( 3, 'manage_circ_rules', 'Manage circulation rules'),
+   ( 3, 'manage_circ_rules_restricted', 'Only manage circ rules for own library'),
    ( 4, 'edit_borrowers', 'Add, modify and view patron information'),
    ( 4, 'view_borrower_infos_from_any_libraries', 'View patron infos from any libraries'),
    ( 6, 'place_holds', 'Place holds for patrons'),

koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc

@@ -33,6 +33,7 @@
     [%- CASE 'override_renewals' -%]<span>Override blocked renewals</span>
     [%- CASE 'manage_checkout_notes' %]<span>Mark checkout notes as seen/not seen</span>
     [%- CASE 'manage_circ_rules' -%]<span>manage circulation rules</span>
+    [%- CASE 'manage_circ_rules_restricted' -%]<span>Limit circulation rules editing to the user's own library (please note that manage_circ_rules is still required)</span>
     [%- CASE 'parameters_remaining_permissions' -%]<span>Remaining system parameters permissions</span>
     [%- CASE 'edit_borrowers' -%]<span>Add, modify and view patron information</span>
     [%- CASE 'view_borrower_infos_from_any_libraries' -%]<span>View patron infos from any libraries. If not set the logged in user could only access patron infos from its own library or group of libraries.</span>

koha-tmpl/intranet-tmpl/prog/en/modules/admin/smart-rules.tt

@@ -41,22 +41,24 @@
         <p>To modify a rule, create a new one with the same patron category and item type.</p>
     </div>
     <div>
-        <form method="get" action="/cgi-bin/koha/admin/smart-rules.pl" id="selectlibrary">
-        Select a library :
-            <select name="branch" id="branch" style="width:20em;">
-                <option value="*">Standard rules for all libraries</option>
-                [% PROCESS options_for_libraries libraries => Branches.all( selected => current_branch, unfiltered => 1 ) %]
-            </select>
-        </form>
-        [% IF ( definedbranch ) %]
-            <form action="/cgi-bin/koha/admin/clone-rules.pl" method="post">
-                <label for="tobranch"><strong>Clone these rules to:</strong></label>
-                <input type="hidden" name="frombranch" value="[% current_branch | html %]" />
-                <select name="tobranch" id="tobranch">
-                    [% PROCESS options_for_libraries libraries => Branches.all( unfiltered => 1 ) %]
+        [% UNLESS restricted_to_own_library %]
+            <form method="get" action="/cgi-bin/koha/admin/smart-rules.pl" id="selectlibrary">
+            Select a library :
+                <select name="branch" id="branch" style="width:20em;">
+                    <option value="*">Standard rules for all libraries</option>
+                    [% PROCESS options_for_libraries libraries => Branches.all( selected => current_branch, unfiltered => 1 ) %]
                 </select>
-                <input type="submit" id="clone_rules" value="Clone" />
             </form>
+            [% IF ( definedbranch ) %]
+                <form action="/cgi-bin/koha/admin/clone-rules.pl" method="post">
+                    <label for="tobranch"><strong>Clone these rules to:</strong></label>
+                    <input type="hidden" name="frombranch" value="[% current_branch | html %]" />
+                    <select name="tobranch" id="tobranch">
+                        [% PROCESS options_for_libraries libraries => Branches.all( unfiltered => 1 ) %]
+                    </select>
+                    <input type="submit" id="clone_rules" value="Clone" />
+                </form>
+            [% END %]
         [% END %]
 
         <form method="post" action="/cgi-bin/koha/admin/smart-rules.pl">