Commit graph

9 commits

Author SHA1 Message Date
bc5decc913 Bug 27716: Update permissions for patroncards creator
The various subpages of the label creator tool we're under the
'catalogue' permission. There is however a 'label_creator' subpermission
of tools which is more appropriate.

Test plan
1/ Setup a user with just the 'catelogue' permission (to enable logging
into the staff interface)
2/ With the patch applied you should not be able to access the following
pages (either via navigation in the UI or by typing them into the
browser address bar directly)
  - /patroncards/add_user_search.pl
  - /patroncards/edit-batch.pl
  - /patroncards/edit-layout.pl
  - /patroncards/edit-profile.pl
  - /patroncards/edit-template.pl
  - /patroncards/home.pl
  - /patroncards/image-manage.pl
  - /patroncards/manage.pl
  - /patroncards/print.pl
3/ Signoff

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-16 16:08:30 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
df97814f30 Bug 15758: Koha::Libraries - Remove GetBranches
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:03 +00:00
6ee8dd3a59 Bug 15407: Koha::Patron::Categories - replace C4::Category->all
The C4::Category module contained only 1 method to return the patron
categories available for the logged in user.
The new method Koha::Patron::Categories->search_limited does exactly the
same thing (see tests) and must be used in place of it.

Test plan:
- Same prerequisite as before
For the following pages, you should not see patron categories limited to
other libraries.
- On the 'Item circulation alerts' admin page
  (admin/item_circulation_alerts.pl), modify the settings for check-in
  and checkout (NOTE: Should not we display all patron categories on
  this page? If yes, it must be done in another bug report to ease
  backporting it).
- Search for patrons in the admin (budget) and acquisition (order) module.
- On the patron home page (search form in the header)

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 13:29:03 +00:00
3bb51d0386 Bug 16459: Add patron to a patron card requires catalogue permission
Currently, serials => 'routing' is required, which does not make any
sense.
It's a copy/paste error when this file has been created (you can blame
me).

Note that I am not sure catalogue is the correct permission, but it's
the one used almost everywhere in this module

Test plan:
Confirm that catalogue is enough to search for patrons to add to a
patron card.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 12:46:25 +00:00
defcfd050e Bug 15109: Make name the default sort order for all patron searches
Find another place where there is a patron search (add user to a basket,
add users to a fund or edit owner of a fund, set a guarantor to a child,
etc.).
Do a search a confirm that the results are now sorted by name instead of
cardnumber.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-17 09:49:21 -03:00
Jonathan Druart
8d3ee81b14 Bug 13891: DataTables server-side processing - Fix regressions
This patch fixes the regressions introduced by the previous patches.
If you have tested all in once, you didn't see them.

It introduces library, category and "first letter" filters.

Test plan:
1/ On all pages impacted by previous patches + new order empty (link patron to
an order) + guarantor search
2/ Add / Select patron to the list
3/ Use the filters
4/ Confirm there is no regression

Tested together with other patches.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-13 10:55:30 -03:00
Jonathan Druart
f6c750165d Bug 13891: DataTables server-side processing - patron cards
This third patch removes the previous way to search for patron cards users.

Test plan:
1/ Add items to a patron card batch (patroncards/edit-batch.pl?op=edit&element_id=X)
2/ Add 1+ patrons to the batch
3/ Confirm there is no regression

Tested together with other patches.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-13 10:55:24 -03:00