Bug 14686: Add Upload to Tools menu
This patch makes sure that the added granular permissions work as advertised. Note: The field owner was not included in the Koha::Upload->get response. The code that verifies whether a user is allowed to delete an upload is concentrated in the template now. When get returns a Koha::Object, this check could be relocated. Test plan: [1] Verify that the current user has permission for tools, or has at least upload_general_files. [2] Do you see Upload in the Tools menu? Follow the link. [3] Upload a permanent file (with a category). [4] Do you see the Delete button in the results form? [5] Make sure that another user has no permission to upload. [6] Log in as that user and check the Tools menu. Try the URL [yourserver]/cgi-bin/koha/tools/upload.pl You should have no access to the upload form. [7] Enable upload_general_files for this user. Go to upload and search for the upload from step 3. You should not see a Delete button. [8] Enable upload_manage for this user. Search for the upload again. Delete the upload. [9] Go to upload via the Cataloguing editor (856$u plugin) or add parameter "plugin=1" to the URL. You should not see the Tools menu. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
parent
49a3b581b7
commit
9eb80092e3
5 changed files with 27 additions and 9 deletions
|
@ -170,7 +170,7 @@ sub get {
|
|||
my ( @rv, $res);
|
||||
foreach my $r ( @$temp ) {
|
||||
undef $res;
|
||||
foreach( qw[id hashvalue filesize uploadcategorycode public permanent] ) {
|
||||
foreach( qw[id hashvalue filesize uploadcategorycode public permanent owner] ) {
|
||||
$res->{$_} = $r->{$_};
|
||||
}
|
||||
$res->{name} = $r->{filename};
|
||||
|
@ -366,7 +366,7 @@ sub _lookup {
|
|||
my ( $self, $params ) = @_;
|
||||
my $dbh = C4::Context->dbh;
|
||||
my $sql = q|
|
||||
SELECT id,hashvalue,filename,dir,filesize,uploadcategorycode,public,permanent
|
||||
SELECT id,hashvalue,filename,dir,filesize,uploadcategorycode,public,permanent,owner
|
||||
FROM uploaded_files
|
||||
|;
|
||||
my @pars;
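Review bot: `owner` is now copied into every hash that `get` returns, including for callers that build the object with `{ public => 1 }` (the plugin path in upload.pl), so it is worth confirming that no public-facing template prints it; presumably the column holds the uploader's borrower number. The field list in `get` and the SELECT in `_lookup` also have to be kept in step by hand, as this commit shows. A comment above the `qw[...]` list such as `# keep in sync with the SELECT in _lookup; owner is returned for the delete-permission check` would document both points. Both `get` and `_lookup` start and end outside the hunks shown.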
|
||||
|
|
|
@ -117,4 +117,7 @@
|
|||
[% IF ( CAN_user_tools_edit_quotes ) %]
|
||||
<li><a href="/cgi-bin/koha/tools/quotes.pl">Quote editor</a></li>
|
||||
[% END %]
|
||||
[% IF ( CAN_user_tools_upload_general_files ) %]
|
||||
<li><a href="/cgi-bin/koha/tools/upload.pl">Upload any file</a></li>
|
||||
[% END %]
|
||||
</ul></div></div>
|
||||
|
|
|
@ -109,6 +109,11 @@
|
|||
<dd>Manage EDIfact transmissions</dd>
|
||||
[% END %]
|
||||
|
||||
[% IF ( CAN_user_tools_upload_general_files ) %]
|
||||
<dt><a href="/cgi-bin/koha/tools/upload.pl">Upload</a></dt>
|
||||
<dd>Upload any type of file, manage uploads</dd>
|
||||
[% END %]
|
||||
|
||||
</dl>
|
||||
</div>
|
||||
<div class="yui-u">
|
||||
|
|
|
@ -182,7 +182,9 @@
|
|||
<a href="" onclick="Choose('[% record.hashvalue %]'); return false;">Choose</a>
|
||||
[% END %]
|
||||
<a href="" onclick="SubmitMe( 'download', [% record.id %] ); return false;">Download</a>
|
||||
<a href="" onclick="DeleteEntry( [% record.id %] ); return false;">Delete</a>
|
||||
[% IF record.owner == owner || CAN_user_tools_upload_manage %]
|
||||
<a href="" onclick="DeleteEntry( [% record.id %] ); return false;">Delete</a>
|
||||
[% END %]
|
||||
</td>
|
||||
</tr>
|
||||
[% END %]
|
||||
|
@ -334,7 +336,6 @@ $(document).ready(function() {
|
|||
<div class="yui-b">
|
||||
|
||||
<h1>Upload</h1>
|
||||
|
||||
<div class="dialog alert" id="myalerts" style="display:none;"></div>
|
||||
|
||||
[% PROCESS submitter %]
|
||||
|
@ -354,8 +355,14 @@ $(document).ready(function() {
|
|||
[% END %]
|
||||
[% END %]
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
[% IF !plugin %]
|
||||
<div class="yui-b noprint">
|
||||
[% INCLUDE 'tools-menu.inc' %]
|
||||
</div>
|
||||
[% END %]
|
||||
|
||||
</div>
|
||||
[% INCLUDE 'intranet-bottom.inc' %]
|
||||
|
|
|
@ -38,13 +38,14 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
|
|||
query => $input,
|
||||
type => "intranet",
|
||||
authnotrequired => 0,
|
||||
flagsrequired => { editcatalogue => '*' },
|
||||
flagsrequired => { tools => 'upload_general_files' },
|
||||
}
|
||||
);
|
||||
|
||||
$template->param(
|
||||
plugin => $plugin,
|
||||
index => $index,
|
||||
index => $index,
|
||||
owner => $loggedinuser,
|
||||
plugin => $plugin,
|
||||
);
|
||||
|
||||
my $upar = $plugin ? { public => 1 } : {};
|
||||
|
@ -54,6 +55,7 @@ if ( $op eq 'new' ) {
|
|||
uploadcategories => Koha::Upload->getCategories,
|
||||
);
|
||||
output_html_with_http_headers $input, $cookie, $template->output;
|
||||
|
||||
} elsif ( $op eq 'search' ) {
|
||||
my $h = $id ? { id => $id } : { term => $term };
|
||||
my @uploads = Koha::Upload->new($upar)->get($h);
|
||||
|
@ -63,8 +65,8 @@ if ( $op eq 'new' ) {
|
|||
uploads => \@uploads,
|
||||
);
|
||||
output_html_with_http_headers $input, $cookie, $template->output;
|
||||
} elsif ( $op eq 'delete' ) {
|
||||
|
||||
} elsif ( $op eq 'delete' ) {
|
||||
# delete only takes the id parameter
|
||||
my $upl = Koha::Upload->new($upar);
|
||||
my ($fn) = $upl->delete( { id => $id } );
|
||||
|
@ -79,6 +81,7 @@ if ( $op eq 'new' ) {
|
|||
uploadcategories => $upl->getCategories,
|
||||
);
|
||||
output_html_with_http_headers $input, $cookie, $template->output;
|
||||
|
||||
} elsif ( $op eq 'download' ) {
|
||||
my $upl = Koha::Upload->new($upar);
|
||||
my $rec = $upl->get( { id => $id, filehandle => 1 } );
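Review bot: The `delete` branch still calls `$upl->delete( { id => $id } )` for any user who passed the page-level `upload_general_files` check; the owner / `upload_manage` rule introduced by this commit exists only as a hidden Delete link in the template. Hiding the link does not stop a request that supplies `op=delete` and an id itself, so the rule should be enforced in this branch before the delete call: look the record up, and proceed only when its `owner` equals `$loggedinuser` or the user holds the `upload_manage` subpermission, otherwise hand an error to the template. A comment such as `# authorization: owner or tools/upload_manage only; the template check is cosmetic` would make the intent explicit. The branch continues outside the hunk, so a check further down is not visible here, although the commit message states that the check lives in the template.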
|
||||
|
|