Main Koha release repository
https://koha-community.org
70d33a82bb
Enhanced the permission-checking functions in C4::Auth
(e.g., get_template_and_user, checkauth, check_api_auth, etc.).
If the CheckSpecificUserPermissions syspref is OFF, the behavior
of those APIs is unchanged.
If CheckSpecificUserPermissions is ON, then the value of each
key in the flagsrequired hash is considered during
the permissions check:
1. if the value is 1, the staff user must have
all privileges for the userflags flag (or module)
referred to by the hash key, e.g.,
{ flaqsrequired => { tools => 1 } }
In terms of the database, this means that the
corresponding bit must be set in borrowers.flags.
2. If the value is '*', the staff user must
have at least one of the permissions for the
userflag/module, but it doesn't matter which one.
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there at least is one row in user_permissions
for the staff user and bit/module combination.
3. If the value is any other string, it must be
a permissions code defined in the permissions table.
The staff user must have that specific permission
or have access to all functions of the module
In terms of the database, this means ether that the
corresponding bit must be set in borrowers.flags or
that there is a matching row in user_permissions
for the staff user, bit/module, subpermission
code combination.
In addition, get_template_and_user is modified so that the
CAN_user_XXX variables that it sets also includes the
subpermissions available (CAN_user_XXX_YYY, e.g.,
CAN_user_tools_import_patrons). The template variables
for the specific permissions are set regardless of whether
CheckSpecificUserPermissions is ON or OFF so that the templates
don't have to test for that syspref explicitly.
In addition, the meaning of CAN_user_XXX has changed slightly -
CAN_user_tools, for example, is set to 1 in the template if the
user has access to *any* of the tools functions. This was done
to simply the logic for deciding whether to display a menu
item in the staff interface are not. This does mean that
when specific subpermissions are added to (say) the circulate
module, each use of CAN_user_circulate will need to be examined
to see if the intent is to allow the user to get at a circ
menu or page or if the user really should be required to have
all circulate functions.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
|
||
|---|---|---|
| acqui | ||
| admin | ||
| authorities | ||
| C4 | ||
| catalogue | ||
| cataloguing | ||
| circ | ||
| errors | ||
| etc | ||
| install_misc | ||
| installer | ||
| koha-tmpl | ||
| labels | ||
| members | ||
| misc | ||
| opac | ||
| reports | ||
| reserve | ||
| reviews | ||
| rss | ||
| serials | ||
| skel | ||
| sms | ||
| suggestion | ||
| svc | ||
| t | ||
| tmp/modified_authorities | ||
| tools | ||
| virtualshelves | ||
| .htaccess | ||
| about.pl | ||
| changelanguage.pl | ||
| edithelp.pl | ||
| fix-perl-path.PL | ||
| help.pl | ||
| INSTALL | ||
| install-CPAN.pl | ||
| INSTALL.debian | ||
| kohaversion.pl | ||
| LICENSE | ||
| mainpage.pl | ||
| Makefile.PL | ||
| MANIFEST.SKIP | ||
| README | ||
| rewrite-config.PL | ||
Koha 3 - the next-generation release of the award-winning Koha open-source integrated library system. 30 December 2007 - Joshua Ferraro <jmf AT liblime DOT com> Koha is distributed under the GNU GPL. Please read the file LICENSE for more details. To install or upgrade Koha, please see the INSTALL file. Please report any bugs to the koha mailing lists or bug tracker and we will try to fix them in a future release. The main koha web site is http://www.koha.org/