If you log into the OPAC as a user with no flags, you can see a restricted view of
/cgi-bin/koha/tools/tools-home.pl instead of seeing the login screen.
Test plan:
Use a patron with catalogue permission only
Login and access the tools home page
=> redirected to the login screen
Add a club sub permission
Login and access the tools home page
=> You see the tools home page with the clubs link
Add a tool sub permission, remove club
Login and access the tools home page
=> You see the tools home page with the relevant link
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
If a user only has the clubs and no permission from the tools section,
they can't access the patron clubs page by navigation. This patch
extends the permission checks for tools to include the clubs, that
live on the tools page, but have a top level permission.
To test:
- create a patron with only the catalogue and clubs permissions
- log in to the staff client as that patron
- navigate to a patron record, confirm you can see the Clubs tab in the patron account, can add patrons to and remove patrons from clubs
- confirm you don't have a link to the Tools module either on the Koha homepage or in the More menu
- enter the clubs URL manually (/cgi-bin/koha/clubs/clubs.pl), confirm you are allowed to open the page
- Apply patch
- The only changes should be:
- You can now see the Tools entry in the More navigation menu
- You can now see the Tools module link on the start page
- Both take you to the tools page, only visible tools is 'Patron clubs'
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.
That way we will need to explicitely define the subroutine we want to
use from a module.
This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests
And a lot of other manual changes.
export.pl is a dirty script that can be found on bug 17600.
"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;
The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules
Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).
EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.
@EXPORT and @EXPORT_OK are the two main variables used during export operation.
@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.
@EXPORT_OK does export of symbols on demand basis.
"""
If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
- use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is a "debug" parameter we are passing from the controller scripts
to C4::Auth::get_template_and_user, but it's not actually used!
Test plan:
Confirm the assumption
Review the changes from this patch
Generated with:
perl -p -i -e 's#\s*debug\s*=\>\s*(0|1),?\s*##gms' **/*.pl
git checkout misc/devel/update_dbix_class_files.pl # Wrong catch
+ Manual fix in acqui/neworderempty.pl
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In tools home there is a link to the table showing tool plugins.
Would be great to be able to run a tool plugin directly from tools home.
Also adds the behavior than if there is no tool plugin, "Tool plugins"
section is not displayed in tools home.
No need of a link that goes to an empty table ;)
Test plan :
1) Enable plugins, dont install any
2) Go to "Tools" module : /cgi-bin/koha/tools/tools-home.pl
3) Check you dont see "Tool plugins"
4) Install a tool plugin like Carrousel https://inlibro.com/instructions-carrousel/
5) Refresh /cgi-bin/koha/tools/tools-home.pl
6) Check you see "Tool plugins" and a link to Carrousel
7) Click on link to Carrousel => You see plugin run
8) Disable Carrousel plugin
9) Refresh /cgi-bin/koha/tools/tools-home.pl
10) Check you dont see "Tool plugins"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a new method Koha::Reviews->search_limited to return the
reviews
a logged in user is allowed to see depending his permissions.
Test plan:
Create some reviews at the OPAC and make sure a staff user is limited
(or not) to approve
or decline it.
The number of reviews displayed on the mainpage should be correct as
well.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds count indicators on the staff client home page and
the tools page for the number of items pending approval. On the
home page this includes suggestions, comments, and tags. On the tools
page a count of pending comments and tags is shown.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Counts appear for all types of actionable items listed, all are clickable through to the proper place.
Nice work!
Updated all scripts appearing on the tools page
to respect a granular permission defined for
each of them.
The tools menu and home page have been changed so
that only the specific tools that a user has
access are displayed. This is simple, but depending on
the module and circumstance, it may be better to
display functions that the user has does not have
access to, but disable the links and do some sort
of visual styling to indicate that a function exists
but requires additional privileges to access.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.