Koha/t/Acquisition/CanUserManageBasket.t
Julian Maurice 54616c37e2 Bug 7295: More granular permissions for baskets
- Add branch info to baskets
- Add a list of borrowers that are allowed to manage a basket (one list
for each basket).
- Add a new subpermission: acquisition => order_manage_all

If user is superlibrarian, or if that user has permission acquisition = 1
(GranularPermissions = OFF), or subpermission acquisition =>
order_manage_all (GranularPermissions = ON), that user is authorised to manage
all baskets.

Depending on syspref AcqViewBaskets:
  'all': user can manage all baskets
  'branch': user can manage baskets of their branch (the basket branch is
            taken into account, not the branch of the basket's creator).
            If basket branch is not defined, all users can manage this
            basket.
  'user': user can manage baskets she created, and baskets in their
          user list

There are unit tests in t/Acquisition/CanUserManageBasket.t, which
require Test::MockModule

You can edit basket's branch and users list in basket modification page
(acqui/basket.pl)

Signed-off-by: Sonia Bouis <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-31 16:35:35 +00:00

204 lines
5 KiB
Perl

#!/usr/bin/perl
use Modern::Perl;
use Test::MockModule;
use Test::More tests => 42;
use C4::Acquisition;
my $C4_Acquisition_module = new Test::MockModule('C4::Acquisition');
$C4_Acquisition_module->mock('GetBasketUsers', \&Mock_GetBasketUsers);
my $C4_Context_module = new Test::MockModule('C4::Context');
$C4_Context_module->mock('preference', \&Mock_preference);
my $AcqViewBaskets;
my %basketusers = (
1 => [],
2 => [1, 2],
3 => [],
4 => [1, 2],
);
# Borrowers
my $borrower1 = {
borrowernumber => 1,
branchcode => 'B1',
};
my $borrower2 = {
borrowernumber => 2,
branchcode => 'B2',
};
# Baskets
my $basket1 = {
basketno => 1,
authorisedby => 1
};
my $basket2 = {
basketno => 2,
authorisedby => 2,
};
my $basket3 = {
basketno => 3,
authorisedby => 3,
branch => 'B1'
};
my $basket4 = {
basketno => 4,
authorisedby => 4,
branch => 'B1'
};
my $flags = {
acquisition => {
order_manage => 1
}
};
#################
# Start testing #
#################
# ----------------------
# AcqViewBaskets = 'all'
# ----------------------
$AcqViewBaskets = 'all';
# Simple cases where user can't manage basket
ok( not CanUserManageBasket($borrower1, $basket1, {}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => 0
}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage => 0
}
}) );
# Simple cases where user can manage basket
ok( CanUserManageBasket($borrower1, $basket1, {
superlibrarian => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage_all => 1
}
}) );
ok( CanUserManageBasket($borrower1, $basket1, $flags) );
ok( CanUserManageBasket($borrower1, $basket2, $flags) );
ok( CanUserManageBasket($borrower1, $basket3, $flags) );
ok( CanUserManageBasket($borrower1, $basket4, $flags) );
ok( CanUserManageBasket($borrower2, $basket1, $flags) );
ok( CanUserManageBasket($borrower2, $basket2, $flags) );
ok( CanUserManageBasket($borrower2, $basket3, $flags) );
ok( CanUserManageBasket($borrower2, $basket4, $flags) );
# -------------------------
# AcqViewBaskets = 'branch'
# -------------------------
$AcqViewBaskets = 'branch';
# Simple cases where user can't manage basket
ok( not CanUserManageBasket($borrower1, $basket1, {}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => 0
}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage => 0
}
}) );
# Simple cases where user can manage basket
ok( CanUserManageBasket($borrower1, $basket1, {
superlibrarian => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage_all => 1
}
}) );
ok( CanUserManageBasket($borrower1, $basket1, $flags) );
ok( CanUserManageBasket($borrower1, $basket2, $flags) );
ok( CanUserManageBasket($borrower1, $basket3, $flags) );
ok( CanUserManageBasket($borrower1, $basket4, $flags) );
ok( CanUserManageBasket($borrower2, $basket1, $flags) );
ok( CanUserManageBasket($borrower2, $basket2, $flags) );
# borrower2 is not on the same branch as basket3 and basket4
ok( not CanUserManageBasket($borrower2, $basket3, $flags) );
ok( not CanUserManageBasket($borrower2, $basket4, $flags) );
# -----------------------
# AcqViewBaskets = 'user'
# -----------------------
$AcqViewBaskets = 'user';
# Simple cases where user can't manage basket
ok( not CanUserManageBasket($borrower1, $basket1, {}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => 0
}) );
ok( not CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage => 0
}
}) );
# Simple cases where user can manage basket
ok( CanUserManageBasket($borrower1, $basket1, {
superlibrarian => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => 1
}) );
ok( CanUserManageBasket($borrower1, $basket1, {
acquisition => {
order_manage_all => 1
}
}) );
ok( CanUserManageBasket($borrower1, $basket1, $flags) );
ok( CanUserManageBasket($borrower1, $basket2, $flags) );
# basket3 is not managed or created by borrower1
ok( not CanUserManageBasket($borrower1, $basket3, $flags) );
ok( CanUserManageBasket($borrower1, $basket4, $flags) );
# basket 1 is not managed or created by borrower2
ok( not CanUserManageBasket($borrower2, $basket1, $flags) );
ok( CanUserManageBasket($borrower2, $basket2, $flags) );
# basket 3 is not managed or created by borrower2
ok( not CanUserManageBasket($borrower2, $basket3, $flags) );
ok( CanUserManageBasket($borrower2, $basket4, $flags) );
# Mocked subs
# C4::Acquisition::GetBasketUsers
sub Mock_GetBasketUsers {
my ($basketno) = @_;
return @{ $basketusers{$basketno} };
}
# C4::Context->preference
sub Mock_preference {
my ($self, $variable) = @_;
if (lc($variable) eq 'acqviewbaskets') {
return $AcqViewBaskets;
}
}