252f4674a5
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)
With this patch almost every section of the administration page
will have its own granular permission.
To test:
- Create different staff users:
1) One with parameters_remaining_permissions
2) One with parameters
3) One with catalogue and no parameters
4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
1) All subpermissions, but manage_circ_rules
should be checked
2) Nothing should have changed
3) manage_item_serach_fields shoudl be checked
(page had catalogue permission before)
4) Nothing should have changed
- Try different settings of the permissions and
verify that
- Administration page behaves correctly
- Administration menu behaves correctly
! You shoudl only see what you have permission for
https://bugs.koha-community.org/show_bug.cgi?id=14391
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
102 lines
2.6 KiB
Perl
Executable file
102 lines
2.6 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
# Copyright 2011 BibLibre SARL
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
|
|
|
=head1 NAME
|
|
|
|
oai_sets.pl
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
Admin page to describe OAI SETs
|
|
|
|
=cut
|
|
|
|
use Modern::Perl;
|
|
|
|
use CGI qw ( -utf8 );
|
|
use C4::Auth;
|
|
use C4::Output;
|
|
use C4::OAI::Sets;
|
|
|
|
use Data::Dumper;
|
|
|
|
my $input = new CGI;
|
|
my ($template, $loggedinuser, $cookie, $flags) = get_template_and_user( {
|
|
template_name => 'admin/oai_sets.tt',
|
|
query => $input,
|
|
type => 'intranet',
|
|
authnotrequired => 0,
|
|
flagsrequired => { 'parameters' => 'manage_oai_sets' },
|
|
debug => 1,
|
|
} );
|
|
|
|
my $op = $input->param('op');
|
|
|
|
if($op && $op eq "new") {
|
|
$template->param( op_new => 1 );
|
|
} elsif($op && $op eq "savenew") {
|
|
my $spec = $input->param('spec');
|
|
my $name = $input->param('name');
|
|
my @descriptions = $input->multi_param('description');
|
|
AddOAISet({
|
|
spec => $spec,
|
|
name => $name,
|
|
descriptions => \@descriptions
|
|
});
|
|
} elsif($op && $op eq "mod") {
|
|
my $id = $input->param('id');
|
|
my $set = GetOAISet($id);
|
|
$template->param(
|
|
op_mod => 1,
|
|
id => $set->{'id'},
|
|
spec => $set->{'spec'},
|
|
name => $set->{'name'},
|
|
descriptions => [ map { {description => $_} } @{ $set->{'descriptions'} } ],
|
|
);
|
|
} elsif($op && $op eq "savemod") {
|
|
my $id = $input->param('id');
|
|
my $spec = $input->param('spec');
|
|
my $name = $input->param('name');
|
|
my @descriptions = $input->multi_param('description');
|
|
ModOAISet({
|
|
id => $id,
|
|
spec => $spec,
|
|
name => $name,
|
|
descriptions => \@descriptions
|
|
});
|
|
} elsif($op && $op eq "del") {
|
|
my $id = $input->param('id');
|
|
DelOAISet($id);
|
|
}
|
|
|
|
my $OAISets = GetOAISets;
|
|
my @sets_loop;
|
|
foreach(@$OAISets) {
|
|
push @sets_loop, {
|
|
id => $_->{'id'},
|
|
spec => $_->{'spec'},
|
|
name => $_->{'name'},
|
|
descriptions => [ map { {description => $_} } @{ $_->{'descriptions'} } ]
|
|
};
|
|
}
|
|
|
|
$template->param(
|
|
sets_loop => \@sets_loop,
|
|
);
|
|
|
|
output_html_with_http_headers $input, $cookie, $template->output;
|