Commit graph

19 commits

Author SHA1 Message Date
45d99e7a0b Bug 33595: (bug 26628 follow-up) Fix authorization for tools-home.pl
If you log into the OPAC as a user with no flags, you can see a restricted view of
/cgi-bin/koha/tools/tools-home.pl instead of seeing the login screen.

Test plan:
Use a patron with catalogue permission only
Login and access the tools home page
=> redirected to the login screen

Add a club sub permission
Login and access the tools home page
=> You see the tools home page with the clubs link

Add a tool sub permission, remove club
Login and access the tools home page
=> You see the tools home page with the relevant link

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2023-05-16 11:47:15 +02:00
Katrin Fischer
50927bb9b5
Bug 26628: Fix access to clubs when user only has clubs permission
If a user only has the clubs and no permission from the tools section,
they can't access the patron clubs page by navigation. This patch
extends the permission checks for tools to include the clubs, that
live on the tools page, but have a top level permission.

To test:
- create a patron with only the catalogue and clubs permissions
- log in to the staff client as that patron
- navigate to a patron record, confirm you can see the Clubs tab in the patron account, can add patrons to and remove patrons from clubs
- confirm you don't have a link to the Tools module either on the Koha homepage or in the More menu
- enter the clubs URL manually (/cgi-bin/koha/clubs/clubs.pl), confirm you are allowed to open the page
- Apply patch
- The only changes should be:
  - You can now see the Tools entry in the More navigation menu
  - You can now see the Tools module link on the start page
  - Both take you to the tools page, only visible tools is 'Patron clubs'

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-01-31 10:50:52 -03:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
6f204fdf96 Bug 28591: Don't pass debug to get_template_and_user
There is a "debug" parameter we are passing from the controller scripts
to C4::Auth::get_template_and_user, but it's not actually used!

Test plan:
Confirm the assumption
Review the changes from this patch

Generated with:
perl -p -i -e 's#\s*debug\s*=\>\s*(0|1),?\s*##gms' **/*.pl

git checkout misc/devel/update_dbix_class_files.pl # Wrong catch
+ Manual fix in acqui/neworderempty.pl

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-22 12:04:32 +02:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
fb59f3f0f0 Bug 26338: Show tool plugins run in tools home
In tools home there is a link to the table showing tool plugins.
Would be great to be able to run a tool plugin directly from tools home.

Also adds the behavior than if there is no tool plugin, "Tool plugins"
section is not displayed in tools home.
No need of a link that goes to an empty table ;)

Test plan :
1) Enable plugins, dont install any
2) Go to "Tools" module : /cgi-bin/koha/tools/tools-home.pl
3) Check you dont see "Tool plugins"
4) Install a tool plugin like Carrousel https://inlibro.com/instructions-carrousel/
5) Refresh /cgi-bin/koha/tools/tools-home.pl
6) Check you see "Tool plugins" and a link to Carrousel
7) Click on link to Carrousel => You see plugin run
8) Disable Carrousel plugin
9) Refresh /cgi-bin/koha/tools/tools-home.pl
10) Check you dont see "Tool plugins"

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-30 17:30:13 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
e484b543f7 Bug 18403: Patron reviews
This patch adds a new method Koha::Reviews->search_limited to return the
reviews
a logged in user is allowed to see depending his permissions.

Test plan:
Create some reviews at the OPAC and make sure a staff user is limited
(or not) to approve
or decline it.
The number of reviews displayed on the mainpage should be correct as
well.

Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-12 15:41:41 -03:00
3cf4d92a5f Bug 15839: Koha::Reviews - Remove getnumberofreviews
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 10:29:58 +00:00
Jonathan Druart
ba0f84b46c Bug 9978: (followup) Replace license header with the correct license (GPLv3+)
There was another form of the v2.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:43 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
d3c02c6bb6 Bug 7259 - Show a count of items pending approval on staff client home and tools pages
This patch adds count indicators on the staff client home page and
the tools page for the number of items pending approval. On the
home page this includes suggestions, comments, and tags. On the tools
page a count of pending comments and tags is shown.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Counts appear for all types of actionable items listed, all are clickable through to the proper place.

Nice work!
2011-12-08 12:04:28 +01:00
Garry Collum
5707371eda Bug 2505: Enabled warnings in tools-home.pl, holidays.pl, exceptionHolidays.pl, and newHolidays.pl
Tested for warnings after addition of 'use warnings.' No warnings were generated.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-12 08:38:35 -04:00
Galen Charlton
fc6ccb1a61 granular permissions - updated Tools
Updated all scripts appearing on the tools page
to respect a granular permission defined for
each of them.

The tools menu and home page have been changed so
that only the specific tools that a user has
access are displayed.  This is simple, but depending on
the module and circumstance, it may be better to
display functions that the user has does not have
access to, but disable the links and do some sort
of visual styling to indicate that a function exists
but requires additional privileges to access.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-10 15:53:30 -05:00
hdl
100e6a9808 functions that were in C4::Interface::CGI::Output are now in C4::Output.
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
2007-04-24 13:54:28 +00:00
tipaul
fc1342f73d rel_3_0 moved to HEAD 2007-03-09 15:12:54 +00:00
tgarip1957
04b2e6112f Finalized XML version for intranet 2006-09-27 21:19:21 +00:00
tipaul
01d9a65f9c adding menu-tools item 2006-08-11 16:33:01 +00:00