Alex Buckley
008ed48d66
Public lists with 'Allow changes to contents from' = 'Permitted staff only' can have their contents managed by Koha patrons with either of the permissions below: - superlibrarian permission - catalogue permission + 'edit_public_list_contents' sub-permission Test plan: 1. Apply patches, update database, restart services 2. In the staff client go to: Lists > New List 3. Create a list, choose 'Allow changes to contents from' => 'Permitted staff only' 4. Log into the OPAC as a patron with no permissions. 5. Confirm you CANNOT add a biblio to the list from the OPAC search result page and OPAC biblio detail pages 6. Log into the OPAC as a patron with only the 'catalogue' permissions enabled 7. Confirm you CANNOT add a biblio to the list from OPAC search result or biblio detail pages 8. Log into the OPAC as a patron with the 'catalogue' and 'edit_public_list_contents' permissions enabled 9. Confirm you CAN add/remove biblios from the OPAC search result and biblio detail pages 10. Log into the OPAC as a patron with superlibrarian permissions 11. Confirm you CAN add a biblio to the list from the OPAC search result page and OPAC biblio detail pages 12. Log into the staff client as a patron with only the 'catalogue' permission and confirm you CANNOT add/remove records from the list 13. Log into the staff client as a patron with the 'catalogue' and 'edit_public_list_contents' sub-permission (found under 'Lists' parent permission) 14. Confirm you CAN add/remove records from the list 15. Log into the staff client as a patron with 'superlibrarian' permissions and confirm you CAN add/remove records from the list Sponsored-by: Catalyst IT, New Zealand Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
#!/usr/bin/perl
# Copyright 2000-2002 Katipo Communications
# Copyright 2016 Koha Development Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Output qw( output_html_with_http_headers );
use C4::Auth qw( get_template_and_user );
use Koha::Biblios;
use Koha::Virtualshelves;
# Parse the request. Every value read here comes straight from the client
# and is untrusted until it has been checked against the shelf and biblio
# objects further down.
my $query = CGI->new;

my @biblionumbers   = $query->multi_param('biblionumber');
my $selectedshelf   = $query->param('selectedshelf');
my $newshelf        = $query->param('newshelf');
my $shelfnumber     = $query->param('shelfnumber');
my $newvirtualshelf = $query->param('newvirtualshelf');
my $public          = $query->param('public');

# Both flags are handed to the template at the end of the script.
my $errcode    = 0;
my $authorized = 1;
my @biblios;

# The 'virtualshelves' preference is off: redirect to the 404 page and stop
# before any session or template work is done.
unless ( C4::Context->preference('virtualshelves') ) {
    print $query->redirect("/cgi-bin/koha/errors/404.pl");
    exit;
}

# A single 'biblionumber' parameter may carry several ids separated by '/'.
@biblionumbers = split m{/}, $biblionumbers[0]
    if @biblionumbers == 1;

# Resolve the OPAC template and the user attached to this request.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        type          => "opac",
        query         => $query,
        template_name => "opac-addbybiblionumber.tt",
    }
);
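# Work out what the request asks for, in this order of precedence:
#   newvirtualshelf - create a list and put the records on it
#   shelfnumber     - add the records to an existing list
#   selectedshelf   - show the confirmation form for one given list
#   (none of these) - show the lists the user is allowed to add to
#
# NOTE(review): the first two branches write to the database from request
# parameters alone; no CSRF token or request-method check is visible in this
# script. Confirm that one is enforced elsewhere (e.g. by the auth layer).
if ($newvirtualshelf) {

    # Creating a list needs a logged-in user; a public list additionally
    # needs the OpacAllowPublicListCreation preference.
    my $may_create = $loggedinuser > 0
        && ( !$public || C4::Context->preference('OpacAllowPublicListCreation') );

    # NOTE(review): when creation is refused nothing records the refusal;
    # $authorized stays 1 and the form is simply rendered again.
    if ($may_create) {
        my $shelf = eval {
            Koha::Virtualshelf->new(
                { shelfname => $newvirtualshelf, public => $public, owner => $loggedinuser, }
            )->store;
        };
        if ( $@ or not $shelf ) {
            $errcode    = 1;
            $authorized = 0;
        } else {
            for my $biblionumber (@biblionumbers) {
                $shelf->add_biblio( $biblionumber, $loggedinuser );
            }

            # Reload the page where you came from
            print $query->header;
            print "<html><meta http-equiv=\"refresh\" content=\"0\" /><body onload=\"window.opener.location.reload(true);self.close();\"></body></html>";
            exit;
        }
    }
} elsif ($shelfnumber) {
    my $shelf = Koha::Virtualshelves->find($shelfnumber);

    # This is the authorization check for the write. An unknown shelf number
    # is answered exactly like a forbidden one, so the response does not
    # reveal which shelf numbers exist and the request cannot crash the
    # script by calling a method on undef.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        for my $biblionumber (@biblionumbers) {
            $shelf->add_biblio( $biblionumber, $loggedinuser );
        }

        # Close this page and return
        print $query->header;
        print "<html><meta http-equiv=\"refresh\" content=\"0\" /><body onload=\"self.close();\"></body></html>";
        exit;
    } else {
        $authorized = 0;
    }
} elsif ($selectedshelf) {
    my $shelf = Koha::Virtualshelves->find($selectedshelf);

    # Same rule as above: unknown and forbidden shelves look alike.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        $template->param(
            singleshelf => 1,
            shelfnumber => $shelf->shelfnumber,
            shelfname   => $shelf->shelfname,
        );
    } else {
        $authorized = 0;
    }
} else {
    if ( $loggedinuser > 0 ) {

        # Private lists the user owns and may change.
        my $private_shelves = Koha::Virtualshelves->search(
            {   public                  => 0,
                owner                   => $loggedinuser,
                allow_change_from_owner => 1,
            },
            { order_by => 'shelfname' }
        );

        # Private lists shared with the user that others may change.
        my $shelves_shared_with_me = Koha::Virtualshelves->search(
            {   public                              => 0,
                'virtualshelfshares.borrowernumber' => $loggedinuser,
                allow_change_from_others            => 1,
            },
            { join => 'virtualshelfshares', }
        );

        # Public lists: every user sees the lists they own (when the owner
        # may change them) and the lists anyone may change. Staff-editable
        # lists are added according to the patron's permissions.
        # This only decides what is offered in the form; the write itself is
        # guarded by can_biblios_be_added() in the 'shelfnumber' branch.
        my @editable_by = (
            -and => {
                allow_change_from_owner => 1,
                owner                   => $loggedinuser,
            },
            allow_change_from_others => 1,
        );

        # Look the patron up once; a missing patron gets no staff extras.
        my $patron = Koha::Patrons->find($loggedinuser);
        if ( $patron and $patron->can_patron_change_permitted_staff_lists ) {
            push @editable_by,
                allow_change_from_staff           => 1,
                allow_change_from_permitted_staff => 1;
        } elsif ( $patron and $patron->can_patron_change_staff_only_lists ) {
            push @editable_by, allow_change_from_staff => 1;
        }

        my $public_shelves = Koha::Virtualshelves->search(
            {   public => 1,
                -or    => \@editable_by,
            },
            { order_by => 'shelfname' }
        );

        $template->param(
            private_shelves                => $private_shelves,
            private_shelves_shared_with_me => $shelves_shared_with_me,
            public_shelves                 => $public_shelves,
        );
    } else {
        $authorized = 0;
    }
}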
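# Build the list of records shown in the form. Reached only when no branch
# above exited or cleared $authorized.
if ($authorized) {
    for my $biblionumber (@biblionumbers) {
        my $biblio = Koha::Biblios->find($biblionumber);

        # The ids come from the request: skip any that match no record
        # instead of calling accessors on undef.
        next unless $biblio;

        push(
            @biblios,
            {   # Use the stored key rather than echoing the raw request value.
                biblionumber => $biblio->biblionumber,
                title        => $biblio->title,
                subtitle     => $biblio->subtitle,
                medium       => $biblio->medium,
                part_number  => $biblio->part_number,
                part_name    => $biblio->part_name,
                author       => $biblio->author,
            }
        );
    }

    $template->param(
        multiple => ( scalar(@biblios) > 1 ),
        total    => scalar @biblios,
        biblios  => \@biblios,
    );

    $template->param(
        newshelf                    => $newshelf || 0,
        OpacAllowPublicListCreation => C4::Context->preference('OpacAllowPublicListCreation'),
    );
}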
# Pass the outcome flags to the template, then send the rendered page with
# the force_no_caching option set.
$template->param(
    authorized => $authorized,
    errcode    => $errcode,
);
output_html_with_http_headers( $query, $cookie, $template->output, undef, { force_no_caching => 1 } );