Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/acqui-home.tt
Jonathan Druart ae53caa681
Bug 22868: Move suggestions_manage subperm out of acquisition perm
Bug 11911 replaced the permission of suggestions.pl (create a purchase
suggestion) from catalogue => 1 to acquisition => 'suggestions_manage'.
However we have a lot of acquisition scripts that have lax permissions
(acquisition => '*' which means any sub permissions of acquisition is
enough).

That causes a problem when a circulation staff member can create purchase
suggestions but not access acquisition information.

One solution is to move the suggestions_manage subpermission out of the
acquisition permission and create a new suggestion permission.

Test plan:
0. Setup
* Create a patron with several permission (and full acquisition
permission)
* Create another patron with several permission, and suggestions_manage
permission
* Create another patron without the suggestions_manage permission
1. Apply the patch and execute the update database entry
2. Note that the third patron you create still does not have
suggestions_manage
3. Confirm that you can create a purchase suggestion if you have
suggestions_manage, but cannot access acquisition pages if you do not
have any subpermissions of the acquisition permission

Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-01-30 08:27:00 +00:00


[% USE raw %]
[% USE Asset %]
[% USE Price %]
[% USE Branches %]
[%# Page scaffold for the acquisitions home page: head includes, the treetable stylesheet, header and search includes, and the outer grid wrappers. %]
[%# footerjs is set before the head includes. The page script lives in the jsinclude macro at the end of this template; presumably the footer include emits it when footerjs is set (confirm in the includes). %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo; Acquisitions</title>
[% INCLUDE 'doc-head-close.inc' %]
[%# The raw filter emits the Asset output without escaping. The argument is a fixed literal path, so no request or database value reaches this tag. %]
[% Asset.css("lib/jquery/plugins/treetable/stylesheets/jquery.treetable.css") | $raw %]
</head>
<body id="acq_acqui-home" class="acq">
[% INCLUDE 'header.inc' %]
[% INCLUDE 'acquisitions-search.inc' %]
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> &rsaquo; Acquisitions</div>
[%# div.main, div.row, the main column and the main element opened here are closed after the funds table further down. %]
<div class="main container-fluid">
<div class="row">
<div class="col-sm-10 col-sm-push-2">
<main>
[% INCLUDE 'acquisitions-toolbar.inc' %]
<h1>Acquisitions</h1>
[% INCLUDE 'budgets-active-currency.inc' hide = 'yes' %]
[%# No budget rows were passed to the template: show a prompt to define one. %]
[%# The permission flag only picks the wording and whether the link is shown. Access to aqbudgetperiods.pl has to be enforced by that script (not visible from this template). %]
[% IF ( NOT loop_budget ) %]
    [% IF ( CAN_user_acquisition_period_manage ) %]
        <div class="dialog alert"><a href="/cgi-bin/koha/admin/aqbudgetperiods.pl">You must define a budget in Administration</a></div>
    [% ELSE %]
        <div class="dialog alert">Your administrator must define a budget in Administration</div>
    [% END %]
[% END %]
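[%# Top row of the page: the vendor search form and, for staff who may manage suggestions, the pending-suggestions panel. %]
<div class="row">
    [%# The column width uses the same test as the suggestions panel below. Staff without the suggestions_manage permission therefore get a full-width search box instead of a half-width box beside an empty column. %]
    [% IF ( CAN_user_suggestions_suggestions_manage && suggestion && suggestions_count ) %]
        <div class="col-sm-6">
    [% ELSE %]
        <div class="col-sm-12">
    [% END %]
        <div id="acqui_acqui_home_order">
            <fieldset>
                <legend>Manage orders</legend>
                [%# Vendor search: posts the free-text "supplier" field to booksellers.pl. %]
                <form name="findsupplier" action="/cgi-bin/koha/acqui/booksellers.pl" method="post">
                    <p><label for="supplierpage">Vendor: </label><input type="text" size="25" name="supplier" id="supplierpage" class="focus" />
                    <input type="submit" value="Search" />
                    </p>
                </form>
            </fieldset>
        </div>
    </div>
    [%# The CAN_user_ flag only decides whether this panel and its link are rendered. suggestion.pl is expected to check the suggestions_manage permission itself (not visible from this template; confirm in the script). %]
    [% IF ( CAN_user_suggestions_suggestions_manage && suggestion && suggestions_count ) %]
        <div class="col-sm-6">
            <div id="acqui_acqui_home_suggestions">
                <fieldset>
                    <legend>Pending suggestions</legend>
                    [%# The count is passed through the html filter before output. %]
                    <p>[% suggestions_count | html %] suggestions waiting. <a href="/cgi-bin/koha/suggestion/suggestion.pl#ASKED">Manage suggestions</a>.</p>
                </fieldset>
            </div>
        </div>
    [% END %]
</div>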
[%# Fund table, rendered only when loop_budget has rows: one table row per fund. %]
[%# Column order is relied on by the page script at the end of this template: it hides columns 0 and 1, filters on column 0, groups rows on column 1 and sums columns 6 to 9 in the footer. Keep the order in step with that script. %]
[% IF ( loop_budget ) %]
<h3>All available funds[% IF LoginBranchname %] for [% LoginBranchname | html %][% END %]</h3>
<div id="BudgetsAndFunds">
<table id="accounts">
<caption>
[%# The four links below are action triggers, not navigation: the page script binds click handlers to their ids and calls preventDefault. %]
<span class="actions"><a href="#" id="expand_all">Expand all</a>
| <a href="#" id="collapse_all">Collapse all</a>
| <a href="#" id="hide_inactive">Hide inactive budgets</a>
| <a href="#" id="show_inactive">Show inactive budgets</a>
| <select id="library-filter">
<option value="">Filter by library</option>
[%# Library names are html-filtered both as the option value and as the visible text. The page script passes the selected value to the table search. %]
[% FOREACH b IN Branches.all %]
<option value="[% b.branchname | html %]">[% b.branchname | html %]</option>
[% END %]
</select>
</span>
</caption>
<thead>
<tr>
<th>Active</th>
<th>Budget period description</th>
<th>Fund code</th>
<th>Fund name</th>
<th>Owner</th>
<th>Library</th>
<th>Amount</th>
<th>Ordered</th>
<th>Spent</th>
<th>Total available</th>
</tr>
</thead>
[%# Footer cells are left empty here; the page script's footerCallback passes columns 6 to 9 to footer_column_sum. %]
<tfoot id="funds_total">
<tr>
<th></th>
<th></th>
<th colspan="4">Total</th>
<th class="data"></th>
<th class="data"></th>
<th class="data"></th>
<th class="data"></th>
</tr>
</tfoot>
<tbody>
[%# Output filters are chosen per context: html for text and attribute values, uri for query-string values, and the Price filter for amounts. %]
[%# The rendered content of column 1 is read back by the page script and written into group header rows with innerHTML, so every value in that cell must stay html-filtered. %]
[% FOREACH loop_budge IN loop_budget %]
[%# data-tt-id and data-tt-parent-id carry the fund hierarchy; rows without a parent id are top-level funds. %]
[% IF loop_budge.budget_parent_id %]
<tr data-tt-id="[% loop_budge.budget_id | html %]" data-tt-parent-id="[% loop_budge.budget_parent_id | html %]">
[% ELSE %]
<tr data-tt-id="[% loop_budge.budget_id | html %]">
[% END %]
<td>[% loop_budge.budget_period_active | html %]</td>
<td>Budget [% loop_budge.budget_period_description | html %] [id=[% loop_budge.budget_period_id | html %]][% UNLESS loop_budge.budget_period_active %] (inactive)[% END %]</td>
<td>
[%# The permission flag only decides whether the fund code is a link; aqbudgets.pl has to enforce budget_manage itself (not visible from this template). %]
[% IF ( CAN_user_acquisition_budget_manage ) %]
<a href="/cgi-bin/koha/admin/aqbudgets.pl?budget_period_id=[% loop_budge.budget_period_id | uri %]">[% loop_budge.budget_code | html %]</a>
[% ELSE %]
[% loop_budge.budget_code | html %]
[% END %]
</td>
<td>[% loop_budge.budget_name | html %]</td>
<td>[% IF ( loop_budge.budget_owner ) %]
<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% loop_budge.budget_owner.borrowernumber | uri %]">[% loop_budge.budget_owner.surname | html %], [% loop_budge.budget_owner.firstname | html %]</a>
[% ELSE %]
&nbsp;
[% END %]
</td>
<td>[% Branches.GetName( loop_budge.budget_branchcode ) | html %]</td>
[%# In the four amount columns, only top-level funds (no parent id) wrap the value in span.total_amount; presumably footer_column_sum uses that class to avoid counting child funds twice (helper not visible here; confirm). %]
<td class="data">
[% IF loop_budge.budget_parent_id %]
[% loop_budge.budget_amount | $Price %]
[% ELSE %]
<span class="total_amount">[% loop_budge.budget_amount | $Price %]</span>
[% END %]
</td>
<td class="data">
<a href="ordered.pl?fund=[% loop_budge.budget_id | uri %]&amp;fund_code=[% loop_budge.budget_code | uri %]">
[% IF loop_budge.budget_parent_id %]
[% loop_budge.budget_ordered | $Price %]
[% ELSE %]
<span class="total_amount">[% loop_budge.budget_ordered | $Price %]</span>
[% END %]
</a>
</td>
<td class="data">
<a href="spent.pl?fund=[% loop_budge.budget_id | uri %]&amp;fund_code=[% loop_budge.budget_code | uri %]">
[% IF loop_budge.budget_parent_id %]
[% loop_budge.budget_spent | $Price %]
[% ELSE %]
<span class="total_amount">[% loop_budge.budget_spent | $Price %]</span>
[% END %]
</a>
</td>
<td class="data">
[% IF loop_budge.budget_parent_id %]
[% loop_budge.budget_avail | $Price %]
[% ELSE %]
<span class="total_amount">[% loop_budge.budget_avail | $Price %]</span>
[% END %]
</td>
</tr>
[% END %]
</tbody>
</table>
</div>
[% END %]
</main>
</div> <!-- /.col-sm-10.col-sm-push-2 -->
[%# Side column holding the acquisitions menu include. It follows the main column in source order; the push/pull classes presumably swap the two on screen (confirm against the grid stylesheet). %]
<div class="col-sm-2 col-sm-pull-10">
<aside>
[% INCLUDE 'acquisitions-menu.inc' %]
</aside>
</div>
</div> <!-- /.row -->
[%# div.main, opened near the top of the body, is not closed in this template; presumably intranet-bottom.inc closes it (confirm). %]
[%# Page script, wrapped in the jsinclude macro rather than emitted inline. footerjs is set at the top of this template; presumably intranet-bottom.inc calls the macro (confirm in the include). %]
[%# The raw filter on the Asset calls emits their output unescaped; both arguments are fixed literal paths. %]
[% MACRO jsinclude BLOCK %]
[% INCLUDE 'datatables.inc' %]
[% Asset.js("lib/jquery/plugins/treetable/jquery.treetable.js") | $raw %]
[% Asset.js("js/acquisitions-menu.js") | $raw %]
<script>
// dt_overwrite_html_sorting_localeCompare, dataTablesDefaults and footer_column_sum
// are not defined in this template; presumably they come from the includes above.
dt_overwrite_html_sorting_localeCompare();
$(document).ready(function() {
// Build the funds table on #accounts, merging page options over dataTablesDefaults.
var oTable = $("#accounts").dataTable($.extend(true, {}, dataTablesDefaults, {
// Draw callback: inserts a group header row above the first row of each run of
// rows that share the same column-1 value ("Budget period description").
"fnDrawCallback": function ( oSettings ) {
// Nothing displayed, so there are no rows to group.
if ( oSettings.aiDisplay.length == 0 )
{
return;
}
var nTrs = $('#accounts tbody tr');
var iColspan = nTrs[0].getElementsByTagName('td').length;
var sLastGroup = "";
for ( var i=0 ; i<nTrs.length ; i++ )
{
// aoData, aiDisplay, _iDisplayStart and _aData are fields of the DataTables
// settings object, not public API calls; re-check this lookup when
// upgrading DataTables.
var iDisplayIndex = oSettings._iDisplayStart + i;
var sGroup = oSettings.aoData[ oSettings.aiDisplay[iDisplayIndex] ]._aData[1];
if ( sGroup != sLastGroup )
{
var nGroup = document.createElement( 'tr' );
var nCell = document.createElement( 'td' );
nCell.colSpan = iColspan;
nCell.className = "group";
// NOTE(review): sGroup is inserted as HTML, not as text. It is the column-1
// cell data, which the template renders from html-filtered values; presumably
// DataTables holds it as the cell's HTML - confirm. Keep that server-side
// escaping in place, or build this cell from text nodes, if the column ever
// carries content from another source.
nCell.innerHTML = sGroup;
nGroup.appendChild( nCell );
nTrs[i].parentNode.insertBefore( nGroup, nTrs[i] );
sLastGroup = sGroup;
}
}
},
// Footer callback: hands columns 6 to 9 (Amount, Ordered, Spent, Total available)
// to footer_column_sum.
"footerCallback": function ( row, data, start, end, display ) {
// The trailing "data" re-declares the callback parameter and is not used.
var api = this.api(), data;
footer_column_sum( api, [ 6, 7, 8, 9 ] );
},
"aoColumnDefs": [
// Columns 0 (Active) and 1 (Budget period description) stay in the data for
// filtering and grouping but are not shown.
{ "bVisible": false, "aTargets": [ 0, 1 ] },
// No column is sortable by the user.
{ "bSortable": false, "aTargets": ["_all"] }
],
'dom': '<"top pager"ilpf>tr<"bottom pager"ip>',
'bSort': true,
// Rows are always ordered by column 1 first, which keeps each group contiguous.
'aaSortingFixed': [[ 1, 'asc' ]],
'bPaginate': false,
"bAutoWidth": false
}));
// Turn the table into an expandable tree; the rows carry data-tt-id and
// data-tt-parent-id attributes. The tree starts fully expanded.
$(oTable).treetable({
expandable: true
});
$(oTable).treetable('expandAll');
// The caption links are href="#" anchors, so each handler cancels the default
// navigation before acting.
$("#expand_all").click(function(e){
e.preventDefault();
$(oTable).treetable('expandAll');
});
$("#collapse_all").click(function(e){
e.preventDefault();
$(oTable).treetable('collapseAll');
});
$("#hide_inactive").click(function(e){
e.preventDefault();
oTable.fnFilter( 1, 0 ); // Show only active=1
});
$("#show_inactive").click(function(e){
e.preventDefault();
// An empty filter string on column 0 clears the active-only filter.
oTable.fnFilter( '', 0 );
});
// Trigger the handler once on load, so the initial view shows active budgets only.
$("#hide_inactive").click();
// The selected library name goes to the table-wide search, so it is matched
// against every column rather than the Library column alone.
$("#library-filter").change(function(){
$("#accounts").DataTable().search(this.value);
$("#accounts").DataTable().draw();
});
});
</script>
[% END %]
[% INCLUDE 'intranet-bottom.inc' %]