Bug 10888: Don't hide authorities module from users who lack permission to edit authorities

It should be possible for staff client users to search and view
authority records even if they don't have permission to edit them.

To test, apply the patch and view the staff client as a user with and
without "editauthorities" permission.

With "editauthorities" permission, authority search results should show
both an edit and delete link. Viewing the details of an authority
record, one should see a toolbar with edit/delete/new options.

The detail view has been altered to use the term "record" in place of
"biblio" ("Used in X record(s)).

Without "editauthorities" permission, authority search results should
show no edit or delete link. Viewing the details of an authority, the
only option shown in the toolbar should be "Save."

On the staff client home page and in the header's "More" menu the link
to the authorities module should now appear with and without permission
to edit authorities.

This patch also corrects the permissions in the authority export script
to allow saving of authority records by users who do not have permission
to edit.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

authorities/export.pl

@@ -15,7 +15,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $query,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { editauthorities => 1 },
+        flagsrequired   => { catalogue => 1 },
         debug           => 1,
     }
 );

koha-tmpl/intranet-tmpl/prog/en/includes/authorities-toolbar.inc

@@ -9,14 +9,19 @@
 
 //]]>
 </script>
+
+[% IF ( authid || CAN_user_editauthorities) %]
+
 <div id="toolbar" class="btn-toolbar">
 
 [% IF ( authid ) %]
-    <div class="btn-group"><a class="btn btn-small" id="editAuth" href="authorities.pl?authid=[% authid %]"><i class="icon-pencil"></i> Edit</a></div>
-    [% UNLESS ( count ) %]
-        <div class="btn-group"><a href="#" class="btn btn-small" id="delAuth"><i class="icon-remove"></i> Delete</a></div>
+    [% IF ( CAN_user_editauthorities ) %]
+        <div class="btn-group"><a class="btn btn-small" id="editAuth" href="authorities.pl?authid=[% authid %]"><i class="icon-pencil"></i> Edit</a></div>
+        <div class="btn-group"><a class="btn btn-small" id="dupAuth" href="authorities.pl?authid=[% authid %]&amp;op=duplicate"><i class="icon-copy"></i> Duplicate</a></div>
+        [% UNLESS ( count ) %]
+            <div class="btn-group"><a href="#" class="btn btn-small" id="delAuth"><i class="icon-remove"></i> Delete</a></div>
+        [% END %]
     [% END %]
-    <div class="btn-group"><a class="btn btn-small" id="dupAuth" href="authorities.pl?authid=[% authid %]&amp;op=duplicate"><i class="icon-copy"></i> Duplicate</a></div>
 
     <div class="btn-group">
         <a class="btn btn-small dropdown-toggle" data-toggle="dropdown" href="#"><i class="icon-download-alt"></i> Save
@@ -31,6 +36,7 @@
     </div>
 [% END %]
 
+[% IF ( CAN_user_editauthorities ) %]
     <div class="btn-group">
         <a class="btn btn-small dropdown-toggle" data-toggle="dropdown" href="#"><i class="icon-plus"></i> New authority
         <span class="caret"></span>
@@ -41,4 +47,7 @@
             [% END %]
         </ul>
     </div>
+[% END %]
 </div>
+
+[% END %]

koha-tmpl/intranet-tmpl/prog/en/includes/header.inc

@@ -18,9 +18,7 @@
                             [% IF ( CAN_user_acquisition ) %]
                             <li><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a></li>
                             [% END %]
-                            [% IF ( CAN_user_editauthorities ) %]
                             <li><a href="/cgi-bin/koha/authorities/authorities-home.pl">Authorities</a></li>
-                            [% END %]
                             [% IF ( CAN_user_serials ) %]
                             <li><a href="/cgi-bin/koha/serials/serials-home.pl">Serials</a></li>
                             [% END %]

koha-tmpl/intranet-tmpl/prog/en/modules/authorities/searchresultlist.tt

@@ -67,7 +67,9 @@ function searchauthority() {
 [% UNLESS ( isEDITORS ) %]
       <th>Used in</th>
 [% END %]
-      <th>Delete</th>
+    [% IF ( CAN_user_editauthorities ) %]
+      <th>&nbsp;</th>
+    [% END %]
     </tr>
 [% FOREACH resul IN result %]
     [% UNLESS ( loop.odd ) %]
@@ -79,14 +81,17 @@ function searchauthority() {
       <td><a href="detail.pl?authid=[% resul.authid %]">Details</a></td>
   [% UNLESS ( resul.isEDITORS ) %]
       <td>
-        <a href="../catalogue/search.pl?type=intranet&amp;op=do_search&amp;idx=an,phr&amp;q=[% resul.authid %]" class="button">[% resul.used %] biblio(s)</a>
+        <a href="../catalogue/search.pl?type=intranet&amp;op=do_search&amp;idx=an,phr&amp;q=[% resul.authid %]" class="button">[% resul.used %] records(s)</a>
       </td>
   [% END %]
-      <td>
-  [% UNLESS ( resul.used ) %]
-        <a href="javascript:confirm_deletion([% resul.authid %])">Delete</a>
-  [% END %]
-      </td>
+      [% IF ( CAN_user_editauthorities ) %]
+          <td>
+              <a href="/cgi-bin/koha/authorities/authorities.pl?authid=[% resul.authid %]">Edit</a>
+              [% UNLESS ( resul.used ) %]
+                   | <a href="javascript:confirm_deletion([% resul.authid %])">Delete</a>
+              [% END %]
+          </td>
+      [% END %]
     </tr>
 [% END %]
   </table>

koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt

@@ -54,11 +54,9 @@
                     </li>
                     [% END %]
 
-                    [% IF ( CAN_user_editauthorities ) %]
                     <li>
                         <a class="icon_general icon_authorities" href="/cgi-bin/koha/authorities/authorities-home.pl">Authorities</a>
                     </li>
-                    [% END %]
                 </ul>
             </div><!-- /area-list-left -->
         </div><!-- /yui-u first -->