Jonathan Druart
ae53caa681
Bug 11911 replaced the permission of suggestions.pl (create a purchase suggestion) from catalogue => 1 to acquisition => 'suggestions_manage'. However we have a lot of acquisition scripts that have lax permissions (acquisition => '*' which means any sub permissions of acquisition is enough). That causes problem when a circulation staff can create purchase suggestions but not access acquisition information. One solution is to move the suggestions_manage subpermission out of the acquisition permission and create a new suggestion permission. Test plan: 0. Setup * Create a patron with several permission (and full acquisition permission) * Create another patron with several permission, and suggestions_manage permission * Create another patron without the suggestions_manage permission 1. Apply the patch and execute the update database entry 2. Note that the third patron you create still does not have suggestions_manage 3. Confirm that you can create a purchase suggestion if you have suggestions_manage, but cannot access acquisition pages if you do not have any subpermissions of the acquisition permission Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
32 lines
1.8 KiB
HTML
32 lines
1.8 KiB
HTML
<div id="navmenu">
|
|
<div id="navmenulist">
|
|
<h5>Acquisitions</h5>
|
|
<ul>
|
|
<li><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions home</a></li>
|
|
[% IF ( CAN_user_acquisition_order_receive ) %]<li><a href="/cgi-bin/koha/acqui/lateorders.pl">Late orders</a></li>[% END %]
|
|
[% IF ( suggestion && CAN_user_suggestions_suggestions_manage ) %]<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>[% END %]
|
|
<li><a href="/cgi-bin/koha/acqui/invoices.pl">Invoices</a></li>
|
|
[% IF CAN_user_acquisition_edi_manage %]
|
|
<li><a href="/cgi-bin/koha/acqui/edifactmsgs.pl">EDIFACT messages</a></li>
|
|
[% END %]
|
|
</ul>
|
|
[% IF ( CAN_user_acquisition_period_manage || CAN_user_acquisition_budget_manage || CAN_user_acquisition_currencies_manage || CAN_user_acquisition_edi_manage ) %]
|
|
<h5>Administration</h5>
|
|
<ul>
|
|
[% IF ( CAN_user_acquisition_period_manage ) %]
|
|
<li><a href="/cgi-bin/koha/admin/aqbudgetperiods.pl">Budgets</a></li>
|
|
[% END %]
|
|
[% IF ( CAN_user_acquisition_budget_manage ) %]
|
|
<li><a href="/cgi-bin/koha/admin/aqbudgets.pl">Funds</a></li>
|
|
[% END %]
|
|
[% IF ( CAN_user_acquisition_currencies_manage ) %]
|
|
<li><a href="/cgi-bin/koha/admin/currency.pl">Currencies</a></li>
|
|
[% END %]
|
|
[% IF CAN_user_acquisition_edi_manage %]
|
|
<li><a href="/cgi-bin/koha/admin/edi_accounts.pl">EDI accounts</a></li>
|
|
<li><a href="/cgi-bin/koha/admin/edi_ean_accounts.pl">Library EANs</a></li>
|
|
[% END %]
|
|
</ul>
|
|
[% END %]
|
|
</div>
|
|
</div>
|