Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 13888: 'Lists' permission should allow/disallow using the lists module in staff

Browse source 
This patch adds two new system preferences, use public lists, and create public
lists. Use public lists determines if a librarian is permitted to see public
lists, whilst create public lists determines if a librarian can create new public
lists.

It also fixes erroneously allowing staff to add items to existing lists, by
honouring the existing edit_public_list_contents

To test:
a)  notice the new my lists link on the account pulldown
    1)  ensure it goes to the lists module
b)  create new public list, add at least one item, make it editable by everyone
    1) note the name of the list
c)  create a new patron with full access to the staff client minus lists permissions
d)  log in as the newly created patron
e)  notice the lists button is missing from the staff client mainpage
f)  set any of the lists permissions except create public lists, use public lists, edit public list contents
g)  notice how the lists button is no longer missing from the staff client mainpage
h)  go to the lists module
    1) notice that public lists are now missing from the datatable
i)  click add list
    1)  notice that the public drop-down is now a fixed label set to private
j)  create list and confirm it is not public
k)  turn use public lists permission on
l)  return to the lists module
    1)  notice that the datatable now shows private and public lists tabs
m)  turn create public lists permission on
n)  repeat steps h-i
    1)  notice that the public drop-down is now visible again
o)  create list and confirm it is public
p)  go to the list you created in step b
q)  notice that add items button, and remove selected button, is missing
r)  turn edit public list contents permission on
s)  repeat steps p-q
    1) notice that add items button is now visible
t)  click add items
u)  enter an item barcode or biblio number, click save
    1) notice that the items are now added to the list

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This commit is contained in:
Jake Deery 2024-07-02 15:11:36 +01:00 committed by Martin Renvoize
parent 24e54b1fd4
commit ed8aed912c
Signed by: martin.renvoize
GPG key ID: 422B469130441A0F
9 changed files with 80 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
Koha/Virtualshelf.pm
View file

@ -256,16 +256,21 @@ sub can_be_managed {
sub can_biblios_be_added {
my ( $self, $borrowernumber ) = @_;
my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
my $patron = Koha::Patrons->find($borrowernumber) or return 0;
return 1
if $borrowernumber
and ( ( $self->owner == $borrowernumber && $self->allow_change_from_owner ) or ( $self->allow_change_from_staff && $patron->can_patron_change_staff_only_lists ) or ( $self->allow_change_from_permitted_staff && $patron->can_patron_change_permitted_staff_lists ) or $self->allow_change_from_others );
if $borrowernumber
and ( ( $self->owner == $borrowernumber && $self->allow_change_from_owner )
or ( $self->allow_change_from_staff && $patron->can_patron_change_staff_only_lists )
or ( $self->allow_change_from_permitted_staff && $patron->can_patron_change_permitted_staff_lists )
or $self->allow_change_from_others )
and ( ( $self->public && C4::Auth::haspermission( $patron->userid, { lists => 'edit_public_list_contents' } ) )
or !$self->public );
return 0;
}
sub can_biblios_be_removed {
my ( $self, $borrowernumber ) = @_;
return $self->can_biblios_be_added( $borrowernumber );
return $self->can_biblios_be_added($borrowernumber);
# Same answer since bug 18228
}

21
installer/data/mysql/atomicupdate/bug_13888-Add-extra-list-perms.pl Executable file
View file

@ -0,0 +1,21 @@
use Modern::Perl;
return {
bug_number => "13888",
description => "'Lists' permission should allow/disallow using the lists module in staff",
up => sub {
my ($args) = @_;
my ( $dbh, $out ) = @$args{qw(dbh out)};
$dbh->do(
q{ INSERT IGNORE INTO permissions (module_bit,code,description) VALUES (20, 'use_public_lists', 'Use public lists') }
);
say $out "Added permission 'use_public_lists'";
$dbh->do(
q{ INSERT IGNORE INTO permissions (module_bit,code,description) VALUES (20, 'create_public_lists', 'Create public lists') }
);
say $out "Added permission 'create_public_lists'";
},
};

2
installer/data/mysql/mandatory/userpermissions.sql
View file

@ -146,9 +146,11 @@ INSERT INTO permissions (module_bit, code, description) VALUES
(19, 'report', 'Use report plugins'),
(19, 'admin', 'Use administrative plugins'),
(19, 'configure', 'Configure plugins'),
(20, 'create_public_lists', 'Create public lists'),
(20, 'delete_public_lists', 'Delete public lists'),
(20, 'edit_public_lists', 'Edit public lists'),
(20, 'edit_public_list_contents', 'Edit public list contents'),
(20, 'use_public_lists', 'Use public lists'),
(21, 'edit_templates', 'Create and update club templates'),
(21, 'edit_clubs', 'Create and update clubs'),
(21, 'enroll', 'Enroll patrons in clubs'),

3
koha-tmpl/intranet-tmpl/prog/en/includes/header.inc
View file

@ -228,6 +228,9 @@
<li class="toplinks-mycheckouts">
<a class="toplinks" href="/cgi-bin/koha/circ/circulation.pl?borrowernumber=[% loggedinusernumber | html %]">My checkouts</a>
</li>
<li class="toplinks-mylists">
<a class="toplinks" href="/cgi-bin/koha/virtualshelves/shelves.pl">My lists</a>
</li>
[% END %]
[% IF Koha.Preference( 'CookieConsent' ) %]
<li class="toplinks-myconsents">

10
koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
View file

@ -767,6 +767,11 @@
Use administrative plugins
</span>
<span class="permissioncode">([% name | html %])</span>
[%- CASE 'create_public_lists' -%]
<span class="sub_permission create_public_lists_subpermission">
Create public lists
</span>
<span class="permissioncode">([% name | html %])</span>
[%- CASE 'delete_public_lists' -%]
<span class="sub_permission delete_public_lists_subpermission">
Delete public lists
@ -782,6 +787,11 @@
Edit public lists contents
</span>
<span class="permissioncode">([% name | html %])</span>
[%- CASE 'use_public_lists' -%]
<span class="sub_permission use_public_lists_subpermission">
Use public lists
</span>
<span class="permissioncode">([% name | html %])</span>
[%- CASE 'upload_general_files' -%]
<span class="sub_permission upload_general_files_subpermission">
Upload any file

2
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
View file

@ -91,9 +91,11 @@
</li>
[% END %]
[% IF ( CAN_user_lists ) %]
<li>
<a class="icon_general icon_lists" href="/cgi-bin/koha/virtualshelves/shelves.pl"><i class="fa fa-fw fa-list-alt"></i>Lists</a>
</li>
[% END %]
[% IF ( UseCourseReserves ) %]
<li>

36
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/shelves.tt
View file

@ -455,19 +455,25 @@
</select>
</li>
<li>
<label for="public">Public: </label>
<select id="public" name="public" onchange="AdjustRemark()">
[% IF shelf.is_private %]
<option value="0" selected="selected">Private</option>
[% ELSE %]
<option value="0">Private</option>
[% END %]
[% IF shelf.is_public %]
<option value="1" selected="selected">Public</option>
[% ELSE %]
<option value="1">Public</option>
[% END %]
</select>
[% IF ( CAN_user_lists_create_public_lists ) %]
<label for="public">Public: </label>
<select id="public" name="public" onchange="AdjustRemark()">
[% IF shelf.is_private %]
<option value="0" selected="selected">Private</option>
[% ELSE %]
<option value="0">Private</option>
[% END %]
[% IF shelf.is_public %]
<option value="1" selected="selected">Public</option>
[% ELSE %]
<option value="1">Public</option>
[% END %]
</select>
[% ELSE %]
<label>Public: </label>
<span>Private</span>
<input id="public" name="public" value="0" type="hidden" />
[% END %]
</li>
[% INCLUDE list_permissions %]
</ol>
@ -494,7 +500,9 @@
[% WRAPPER tabs id= "tabs" %]
[% WRAPPER tabs_nav %]
[% WRAPPER tab_item tabname= "privateshelves_tab" bt_active= 1 %] <span>Your lists</span> [% END %]
[% WRAPPER tab_item tabname= "publicshelves_tab" %] <span>Public lists</span> [% END %]
[% IF ( CAN_user_lists_use_public_lists ) %]
[% WRAPPER tab_item tabname= "publicshelves_tab" %] <span>Public lists</span> [% END %]
[% END %]
[% END # /WRAPPER tabs_nav %]
[% WRAPPER tab_panels %]

2
t/Koha/Auth/Permissions.t
View file

@ -167,9 +167,11 @@ subtest 'superlibrarian tests' => sub {
'CAN_user_editcatalogue_set_record_sources' => 1,
'CAN_user_editcatalogue' => 1,
'CAN_user_ill' => 1,
'CAN_user_lists_create_public_lists' => 1,
'CAN_user_lists_delete_public_lists' => 1,
'CAN_user_lists_edit_public_lists' => 1,
'CAN_user_lists_edit_public_list_contents' => 1,
'CAN_user_lists_use_public_lists' => 1,
'CAN_user_lists' => 1,
'CAN_user_parameters_manage_accounts' => 1,
'CAN_user_parameters_manage_additional_fields' => 1,

11
virtualshelves/shelves.pl
View file

@ -57,8 +57,14 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
my $op = $query->param('op') || 'list';
my $referer = $query->param('referer') || $op;
my $page = int( $query->param('page') || 1 );
my $public = $query->param('public') ? 1 : 0;
my ( $shelf, $shelfnumber, @messages, $allow_transfer );
my ( $public, $shelf, $shelfnumber, @messages, $allow_transfer, $allow_create_public_lists );
# work out permissions once
# this check is for the create list permission
$allow_create_public_lists = haspermission( $loggedinuser, { lists => 'create_public_lists' } ) ? 1 : 0;
# we want the user to be able to pick if public or private only if they are allowed
$public = ( $query->param('public') == 1 && $allow_create_public_lists == 1 ) ? 1 : 0;
# PART1: Perform a few actions
if ( $op eq 'add_form' ) {
@ -397,6 +403,7 @@ $template->param(
print => scalar $query->param('print') || 0,
csv_profiles => [ Koha::CsvProfiles->search({ type => 'marc', used_for => 'export_records' })->as_list ],
allow_transfer => $allow_transfer,
allow_create_public_lists => $allow_create_public_lists,
);
output_html_with_http_headers $query, $cookie, $template->output;