Browse Source

Bug 7976: Remove the borrow permission

The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).

Test plan:
1/ Confirm that you are able to show/download/sent the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.

Concretely it is quite difficult to test this patch, you should have a
look at the code.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
3.22.x
Jonathan Druart 7 years ago
committed by Tomas Cohen Arazi
parent
commit
baea0a79d5
  1. 5
      C4/Auth.pm
  2. 31
      C4/InstallAuth.pm
  3. 2
      basket/basket.pl
  4. 2
      basket/downloadcart.pl
  5. 2
      basket/sendbasket.pl
  6. 1
      installer/data/mysql/de-DE/mandatory/userflags.sql
  7. 1
      installer/data/mysql/en/mandatory/userflags.sql
  8. 1
      installer/data/mysql/es-ES/mandatory/userflags.sql
  9. 1
      installer/data/mysql/fr-FR/1-Obligatoire/userflags.sql
  10. 1
      installer/data/mysql/it-IT/necessari/userflags.sql
  11. 1
      installer/data/mysql/nb-NO/1-Obligatorisk/userflags.sql
  12. 1
      installer/data/mysql/pl-PL/mandatory/userflags.sql
  13. 1
      installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql
  14. 1
      installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql
  15. 12
      installer/data/mysql/updatedatabase.pl
  16. 1
      opac/opac-account.pl
  17. 1
      opac/opac-basket.pl
  18. 1
      opac/opac-detail.pl
  19. 3
      opac/opac-downloadcart.pl
  20. 3
      opac/opac-downloadshelf.pl
  21. 1
      opac/opac-ics.pl
  22. 1
      opac/opac-imageviewer.pl
  23. 1
      opac/opac-main.pl
  24. 1
      opac/opac-messaging.pl
  25. 1
      opac/opac-modrequest-suspend.pl
  26. 1
      opac/opac-modrequest.pl
  27. 1
      opac/opac-mymessages.pl
  28. 1
      opac/opac-passwd.pl
  29. 1
      opac/opac-privacy.pl
  30. 1
      opac/opac-readingrecord.pl
  31. 1
      opac/opac-renew.pl
  32. 1
      opac/opac-reserve.pl
  33. 2
      opac/opac-sendbasket.pl
  34. 2
      opac/opac-sendshelf.pl
  35. 1
      opac/opac-user.pl
  36. 1
      opac/svc/shelfbrowser.pl

5
C4/Auth.pm

@ -107,7 +107,7 @@ C4::Auth - Authenticates Koha users
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
flagsrequired => { catalogue => '*', tools => 'import_patrons' },
}
);
@ -131,7 +131,7 @@ automatically. This gets loaded into the template.
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => {borrow => 1, catalogue => '*', tools => 'import_patrons' },
flagsrequired => { catalogue => '*', tools => 'import_patrons' },
}
);
@ -230,7 +230,6 @@ sub get_template_and_user {
$template->param( CAN_user_borrowers => 1 );
$template->param( CAN_user_permissions => 1 );
$template->param( CAN_user_reserveforothers => 1 );
$template->param( CAN_user_borrow => 1 );
$template->param( CAN_user_editcatalogue => 1 );
$template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );

31
C4/InstallAuth.pm

@ -45,13 +45,14 @@ InstallAuth - Authenticates Koha users for Install process
my $query = new CGI;
my ($template, $borrowernumber, $cookie)
= get_template_and_user({template_name => "opac-main.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => {borrow => 1},
});
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{ template_name => "opac-main.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => { acquisition => '*' },
}
);
output_html_with_http_headers $query, $cookie, $template->output;
@ -80,13 +81,14 @@ InstallAuth - Authenticates Koha users for Install process
=item get_template_and_user
my ($template, $borrowernumber, $cookie)
= get_template_and_user({template_name => "opac-main.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => {borrow => 1},
});
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{ template_name => "opac-main.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => { acquisition => '*' },
}
);
This call passes the C<query>, C<flagsrequired> and C<authnotrequired>
to C<&checkauth> (in this module) to perform authentification.
@ -139,7 +141,6 @@ sub get_template_and_user {
$template->param( CAN_user_borrowers => 1 );
$template->param( CAN_user_permission => 1 );
$template->param( CAN_user_reserveforothers => 1 );
$template->param( CAN_user_borrow => 1 );
$template->param( CAN_user_editcatalogue => 1 );
$template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );

2
basket/basket.pl

@ -33,7 +33,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
template_name => "basket/basket.tt",
query => $query,
type => "intranet",
flagsrequired => { borrow => 1 },
flagsrequired => { catalogue => 1 },
}
);

2
basket/downloadcart.pl

@ -40,7 +40,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
query => $query,
type => "intranet",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
flagsrequired => { catalogue => 1 },
}
);

2
basket/sendbasket.pl

@ -40,7 +40,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
query => $query,
type => "intranet",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
flagsrequired => { catalogue => 1 },
}
);

1
installer/data/mysql/de-DE/mandatory/userflags.sql

@ -5,7 +5,6 @@ INSERT INTO `userflags` VALUES(3,'parameters','Administration und Systemparamete
INSERT INTO `userflags` VALUES(4,'borrowers','Benutzer anlegen/ändern',0);
INSERT INTO `userflags` VALUES(5,'permissions','Berechtigungen für Benutzer vergeben',0);
INSERT INTO `userflags` VALUES(6,'reserveforothers','Vormerkungen für Benutzer setzen/ändern',0);
INSERT INTO `userflags` VALUES(7,'borrow','Medien entleihen',1);
INSERT INTO `userflags` VALUES(9,'editcatalogue','Katalogdaten ändern (Titel- und Bestandsdaten ändern)',0);
INSERT INTO `userflags` VALUES(10,'updatecharges','Gebühren verwalten',0);
INSERT INTO `userflags` VALUES(11,'acquisition','Erwerbung und Verwaltung von Anschaffungsvorschlägen',0);

1
installer/data/mysql/en/mandatory/userflags.sql

@ -6,7 +6,6 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
(4,'borrowers','Add or modify patrons',0),
(5,'permissions','Set user permissions',0),
(6,'reserveforothers','Place and modify holds for patrons',0),
(7,'borrow','Borrow books',1),
(9,'editcatalogue','Edit catalog (Modify bibliographic/holdings data)',0),
(10,'updatecharges','Manage patrons fines and fees',0),
(11,'acquisition','Acquisition and/or suggestion management',0),

1
installer/data/mysql/es-ES/mandatory/userflags.sql

@ -5,7 +5,6 @@ INSERT INTO `userflags` VALUES(3,'parameters','Set Koha system parameters',0);
INSERT INTO `userflags` VALUES(4,'borrowers','Add or modify borrowers',0);
INSERT INTO `userflags` VALUES(5,'permissions','Set user permissions',0);
INSERT INTO `userflags` VALUES(6,'reserveforothers','Place and modify holds for patrons',0);
INSERT INTO `userflags` VALUES(7,'borrow','Borrow books',1);
INSERT INTO `userflags` VALUES(9,'editcatalogue','Edit Catalog (Modify bibliographic/holdings data)',0);
INSERT INTO `userflags` VALUES(10,'updatecharges','Update borrower charges',0);
INSERT INTO `userflags` VALUES(11,'acquisition','Acquisition and/or suggestion management',0);

1
installer/data/mysql/fr-FR/1-Obligatoire/userflags.sql

@ -7,7 +7,6 @@ INSERT INTO `userflags` VALUES(3,'parameters','Définition des paramètres de l'
INSERT INTO `userflags` VALUES(4,'borrowers','Gestion des lecteurs',0);
INSERT INTO `userflags` VALUES(5,'permissions','Définition des habilitations',0);
INSERT INTO `userflags` VALUES(6,'reserveforothers','Ajout et modifications des réservations des adhérents',0);
INSERT INTO `userflags` VALUES(7,'borrow','Circulation (inutile normalement)',1);
INSERT INTO `userflags` VALUES(9,'editcatalogue','fonctions de catalogage',0);
INSERT INTO `userflags` VALUES(10,'updatecharges','Gestion des pénalités financières',0);
INSERT INTO `userflags` VALUES(11,'acquisition','Gestion des acquisitions',0);

1
installer/data/mysql/it-IT/necessari/userflags.sql

@ -7,7 +7,6 @@ INSERT INTO `userflags` VALUES(3,'parameters','Imposta i parametri di Koha',0);
INSERT INTO `userflags` VALUES(4,'borrowers','Aggiungi o modifica gli utenti',0);
INSERT INTO `userflags` VALUES(5,'permissions','Imposta i permessi utente',0);
INSERT INTO `userflags` VALUES(6,'reserveforothers','Prenota i libri per gli utenti',0);
INSERT INTO `userflags` VALUES(7,'borrow','Presta i libri',1);
INSERT INTO `userflags` VALUES(9,'editcatalogue','Modifica il catalogo (modifica i dati bibliografici e titoli)',0);
INSERT INTO `userflags` VALUES(10,'updatecharges','Aggiorna le tariffe del prestito',0);
INSERT INTO `userflags` VALUES(11,'acquisition','Gestione delle acquisizioni e dei suggerimenti d\'acquisto',0);

1
installer/data/mysql/nb-NO/1-Obligatorisk/userflags.sql

@ -26,7 +26,6 @@ INSERT INTO `userflags` VALUES(3,'parameters','Endre Kohas systempreferanser',0)
INSERT INTO `userflags` VALUES(4,'borrowers','Legge til og endre lånere',0);
INSERT INTO `userflags` VALUES(5,'permissions','Endre brukerrettigheter',0);
INSERT INTO `userflags` VALUES(6,'reserveforothers','Reservere og endre reservasjoner for lånere',0);
INSERT INTO `userflags` VALUES(7,'borrow','Låne dokumenter',1);
INSERT INTO `userflags` VALUES(9,'editcatalogue','Endre katalogen (Endre bibliografiske poster og eksemplaropplysninger)',0);
INSERT INTO `userflags` VALUES(10,'updatecharges','Endre gebyrer for lånere',0);
INSERT INTO `userflags` VALUES(11,'acquisition','Innkjøp og/eller behandling av forslag',0);

1
installer/data/mysql/pl-PL/mandatory/userflags.sql

@ -6,7 +6,6 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
(4,'borrowers','Dodawanie i modyfikowanie użytkowników',0),
(5,'permissions','Ustawianie uprawnień użytkownikom',0),
(6,'reserveforothers','Składanie i modyfikacja zamówień w imieniu użytkowników',0),
(7,'borrow','Wypożyczanie książek',1),
(9,'editcatalogue','Modyfikowanie katalogu (Modyfikacja rekordów bibliograficznych/egzemplarza)',0),
(10,'updatecharges','Zarządzanie należnościami',0),
(11,'acquisition','Gromadzenie oraz/lub zarządzanie propozycjami zakupu',0),

1
installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql

@ -8,7 +8,6 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
(4, 'borrowers', 'Внесение и изменение посетителей',0),
(5, 'permissions', 'Установка привилегий пользователя',0),
(6, 'reserveforothers','Резервирование книжек для посетителей',0),
(7, 'borrow', 'Заем книг',1),
(9, 'editcatalogue', 'Изменение каталога (изменение библиографических/локальных данных)',0),
(10,'updatecharges', 'Обновление оплат пользователей',0),
(11,'acquisition', 'Управление поступлениями и/или предложениями',0),

1
installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql

@ -8,7 +8,6 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
(4, 'borrowers', 'Внесення та зміна відвідувачів',0),
(5, 'permissions', 'Встановлення привілеїв користувача',0),
(6, 'reserveforothers','Резервування книжок для відвідувачів',0),
(7, 'borrow', 'Випозичання книжок',1),
(9, 'editcatalogue', 'Редагування каталогу (зміна бібліографічних/локальних даних)',0),
(10,'updatecharges', 'Оновлення сплат користувачів',0),
(11,'acquisition', 'Управління надходженнями і/чи пропозиціями',0),

12
installer/data/mysql/updatedatabase.pl

@ -9977,6 +9977,7 @@ if ( CheckVersion($DBversion) ) {
SetVersion ($DBversion);
}
$DBversion = "3.19.00.018";
if ( CheckVersion($DBversion) ) {
$dbh->do(q|
@ -10554,6 +10555,17 @@ foreach my $file ( sort readdir $dirh ) {
}
}
$DBversion = "3.19.00.XXX";
if ( CheckVersion($DBversion) ) {
$dbh->do(q|
DELETE FROM userflags WHERE bit=7;
|);
print "Upgrade to $DBversion done (Bug 7976 - Remove the 'borrow' permission)\n";
SetVersion($DBversion);
}
=head1 FUNCTIONS
=head2 TableExists($table)

1
opac/opac-account.pl

@ -34,7 +34,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-basket.pl

@ -35,7 +35,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
query => $query,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
flagsrequired => { borrow => 1 },
}
);

1
opac/opac-detail.pl

@ -67,7 +67,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
flagsrequired => { borrow => 1 },
}
);

3
opac/opac-downloadcart.pl

@ -39,8 +39,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
template_name => "opac-downloadcart.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => { borrow => 1 },
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
}
);

3
opac/opac-downloadshelf.pl

@ -39,8 +39,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
template_name => "opac-downloadshelf.tt",
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => { borrow => 1 },
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
}
);

1
opac/opac-ics.pl

@ -44,7 +44,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-imageviewer.pl

@ -33,7 +33,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
flagsrequired => { borrow => 1 },
}
);

1
opac/opac-main.pl

@ -35,7 +35,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
type => "opac",
query => $input,
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
flagsrequired => { borrow => 1 },
}
);

1
opac/opac-messaging.pl

@ -41,7 +41,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => 'opac',
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-modrequest-suspend.pl

@ -29,7 +29,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-modrequest.pl

@ -37,7 +37,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-mymessages.pl

@ -36,7 +36,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => 'opac',
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-passwd.pl

@ -40,7 +40,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-privacy.pl

@ -42,7 +42,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-readingrecord.pl

@ -46,7 +46,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-renew.pl

@ -39,7 +39,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/opac-reserve.pl

@ -55,7 +55,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

2
opac/opac-sendbasket.pl

@ -43,7 +43,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
}
);
@ -75,7 +74,6 @@ if ( $email_add ) {
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
}
);

2
opac/opac-sendshelf.pl

@ -43,7 +43,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
}
);
@ -70,7 +69,6 @@ if ( $email ) {
query => $query,
type => "opac",
authnotrequired => 1,
flagsrequired => { borrow => 1 },
}
);

1
opac/opac-user.pl

@ -60,7 +60,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $query,
type => "opac",
authnotrequired => 0,
flagsrequired => { borrow => 1 },
debug => 1,
}
);

1
opac/svc/shelfbrowser.pl

@ -16,7 +16,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
query => $cgi,
type => "opac",
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
flagsrequired => { borrow => 1 },
}
);

Loading…
Cancel
Save