Bug 16978: Add delete reports user permission

This splits off the delete capability from the create reports permission.
From a UI perspective there were CSS issues, that this patch set hackily
bypasses. Perhaps someone else can amend this enhancement with the required
changes so that the extra column at the beginning of the table can be
removed when the user does not have delete capability.

TEST PLAN
---------
1) back up db
2) apply patch
3) ./installer/data/mysql/updatedatabase.pl
   -- should run without issue.
4) in mysql:
   > drop database ...
   > create database ...
   -- totally blanks it for fresh web install
5) run web install
   -- installing should have no issues
6) go to a patron
7) set permissions
8) expand the reports permission
   -- should have delete reports now
9) click help and scroll down to
   'Granular Reports Permissions' right at the bottom.
   -- there should be a new delete_reports section
10) Head over to guided reports and build a few reports.
    -- as system account user, delete stuff should all be visible.
11) Find a patron, set all permissions, except delete reports.
12) log out and then log in as the modified patron
13) Head over to the saved reports
    -- none of the delete options should be available to the user.
14) run koha qa test tools
15) restore db

Followed test plan. Additionally tried to delete using params in URL
(not possible, OK)
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mark Tompsett 2016-07-26 09:50:52 -04:00 committed by Kyle M Hall
parent c585c9cf9d
commit f56d6530bc
7 changed files with 26 additions and 5 deletions

@ -0,0 +1,3 @@
INSERT IGNORE INTO `permissions`
(module_bit, code, description) VALUES
(16, 'delete_reports', 'Delete SQL reports');
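
Review bot: this update only adds the `delete_reports` row; nothing here grants it to accounts that already hold `create_reports`. Until this patch the 'Delete Saved' phase was checked against `create_reports` (see the guided_reports.pl hunk), so after the upgrade those staff can no longer delete reports until someone grants the new permission. Defaulting to "not granted" is the safer direction, but it is a behaviour change: say so in the update message and release notes, or decide explicitly whether existing `create_reports` holders should be given the new permission during the update.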

@ -68,6 +68,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES
(15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependentBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL reports'),
(16, 'delete_reports', 'Delete SQL reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(18, 'add_reserves', 'Add course reserves'),
(18, 'delete_reserves', 'Remove course reserves'),

@ -90,6 +90,7 @@
[%- CASE 'renew_subscription' -%]<span>Renew a subscription</span>
[%- CASE 'routing' -%]<span>Routing</span>
[%- CASE 'superserials' -%]<span>Manage subscriptions from any branch (only applies when IndependentBranches is used)</span>
[%- CASE 'delete_reports' -%]<span>Delete SQL reports</span>
[%- CASE 'create_reports' -%]<span>Create SQL reports</span>
[%- CASE 'execute_reports' -%]<span>Execute SQL reports</span>
[%- CASE 'add_reserves' -%]<span>Add course reserves</span>

@ -25,7 +25,7 @@
</div>
[% END %]
[% IF ( CAN_user_reports_create_reports ) %]
[% IF ( CAN_user_reports_delete_reports ) %]
<div class="btn-group">
<a class="delete btn btn-small" href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% id %]&phase=Delete%20Saved">
<i class="fa fa-trash"></i> Delete
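
Review bot: switching the guard to `CAN_user_reports_delete_reports` only hides the button. The delete itself is still a plain GET link (`guided_reports.pl?reports=[% id %]&phase=Delete%20Saved`) with no token visible in this hunk, so the only real control is the `$flagsrequired` check in guided_reports.pl, and a state-changing action stays reachable by URL alone. Consider turning the delete into a POST form that carries a CSRF token, in this patch or as a follow-up. Minor: the `&` in this href is unescaped, while the same link in guided_reports.tt uses `&amp;`.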

@ -499,6 +499,12 @@
<p>If the staff member has 'reports' permissions they have the ability to perform all of these actions. If you would like to control reports permissions on a more granular level choose from these options:</p>
<ul>
<li>delete_reports
<ul>
<li>Delete SQL Reports</li>
<li>The ability to delete but not run SQL reports</li>
</ul>
</li>
<li>create_reports
<ul>
<li>Create SQL Reports</li>
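
Review bot: the new help line "The ability to delete but not run SQL reports" needs a caveat. In guided_reports.pl the 'Use saved' phase requires `execute_reports`, and the delete controls changed in guided_reports.tt sit in the saved-reports table, so if that table is the 'Use saved' page, a user holding only `delete_reports` has no screen to delete from. Suggest saying that `delete_reports` is meant to be combined with `execute_reports`, and adding to the `create_reports` entry that it no longer includes deletion.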

@ -335,7 +335,11 @@ canned reports and writing custom SQL reports.</p>
<tbody>
[% FOREACH savedreport IN savedreports %]
[% UNLESS ( loop.odd ) %]<tr class="odd">[% ELSE %]<tr>[% END %]
<td><input type="checkbox" name="ids" value="[% savedreport.id %]" /></td>
<td>
[% IF ( CAN_user_reports_delete_reports ) %] <!-- not break CSS -->
<input type="checkbox" name="ids" value="[% savedreport.id %]" />
[% END %]
</td>
<td><label for="ids">[% savedreport.id %]</label></td>
<td>
[% IF ( savedreport.report_name ) %]
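
Review bot: `<!-- not break CSS -->` in the new `<td>` is an HTML comment inside the `FOREACH`, so it is sent to the browser once per report row for every user who has the permission. Use a template comment instead (`[%# keep the cell so the column count matches the header %]`) so it stays server-side, and place it outside the `IF` so it also explains the empty `<td>` that users without `delete_reports` receive.
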
@ -371,7 +375,7 @@ canned reports and writing custom SQL reports.</p>
[% END %]
<li><a href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% savedreport.id %]&amp;phase=Run%20this%20report"><i class="fa fa-play"></i> Run</a></li>
<li><a href="/cgi-bin/koha/tools/scheduler.pl?id=[% savedreport.id %]"><i class="fa fa-clock-o"></i> Schedule</a></li>
[% IF ( CAN_user_reports_create_reports ) %]
[% IF ( CAN_user_reports_delete_reports ) %]
<li><a class="confirmdelete" title="Delete this saved report" href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% savedreport.id %]&amp;phase=Delete%20Saved"><i class="fa fa-trash"></i> Delete</a></li>
[% END %]
</ul>
@ -381,9 +385,11 @@ canned reports and writing custom SQL reports.</p>
[% END %]
</tbody>
</table>
[% IF ( CAN_user_reports_delete_reports ) %]
<fieldset class="action">
<input type="submit" value="Delete selected" />
</fieldset>
[% END %]
</form>
</div>
</div>
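
Review bot: hiding the "Delete selected" submit behind `CAN_user_reports_delete_reports` is not matched by anything visible on the server side. The `phase` this form submits is not shown in the hunk, and the check in guided_reports.pl maps only the exact string 'Delete Saved' to `delete_reports`. If the batch form posts any other phase value it falls into the `else` branch (`$flagsrequired = '*'`), and a user without `delete_reports` could still submit it by hand. Please confirm which phase the form sends and add it to the `delete_reports` branch if it differs; the test plan should also cover the batch delete, not only the per-row link.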

@ -53,12 +53,16 @@ my $usecache = Koha::Caches->get_instance->memcached_cache;
my $phase = $input->param('phase') // '';
my $flagsrequired;
if ( $phase eq 'Build new' or $phase eq 'Delete Saved' ) {
if ( $phase eq 'Build new' ) {
$flagsrequired = 'create_reports';
}
elsif ( $phase eq 'Use saved' ) {
$flagsrequired = 'execute_reports';
} else {
}
elsif ( $phase eq 'Delete Saved' ) {
$flagsrequired = 'delete_reports';
}
else {
$flagsrequired = '*';
}