Koha/acqui/edifactmsgs.pl
Katrin Fischer 4f0c8e3c88 Bug 20861: Correct EDI permissions on EDI messages
The permission for EDI is edi_manage, but 2 pages asked
for manage_edi, allowing users not to access those.

To test:
- Add edi_manage to your permissions
- Try to access the EDIFACT messages from the
  acq start page
- Verify it doesn't work
- Apply patch and try again
- You should be able to access the page now
- Try to access the other page directly (if you don't
  have EDI data):
  /cgi-bin/koha/acqui/edimsg.pl
- Verify you can access the page and don't get a
  permission error

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-06-04 13:40:36 -04:00

61 lines
1.7 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2014 PTFS Europe Ltd.
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

use Modern::Perl;
use CGI;
use Koha::Database;
use C4::Koha;
use C4::Auth;
use C4::Output;

my $q = CGI->new;

# Staff-interface page: require a logged-in user holding the
# acquisition sub-permission edi_manage.
my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user(
    {
        template_name   => 'acqui/edifactmsgs.tt',
        query           => $q,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { acquisition => 'edi_manage' },
        debug           => 1,
    }
);

my $schema = Koha::Database->new()->schema();
my $cmd    = $q->param('op');

# op=delete marks the message as deleted (soft delete) rather than removing the row.
if ( $cmd && $cmd eq 'delete' ) {
    my $id  = $q->param('message_id');
    my $msg = $schema->resultset('EdifactMessage')->find($id);

    # find() returns undef for an unknown id; skip the update instead of dying.
    if ($msg) {
        $msg->deleted(1);
        $msg->update;
    }
}

# List every message not marked deleted, newest transfer first.
my @msgs = $schema->resultset('EdifactMessage')->search(
    {
        deleted => 0,
    },
    {
        join     => 'vendor',
        order_by => { -desc => 'transfer_date' },
    }
)->all;

$template->param( messages => \@msgs );

output_html_with_http_headers( $q, $cookie, $template->output );
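
The mismatch this commit fixes (a script asking for manage_edi when the permission is edi_manage) can be caught mechanically by checking every flagsrequired entry against the list of defined permission codes. The script below is an added example, not part of Koha: the allow-list, the sample sources and the check_flags helper are constructed for illustration, and only acquisition/edi_manage, manage_edi and the two script names come from the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allow-list (module => valid sub-permission codes). Only
# acquisition/edi_manage comes from the page; the second code is a placeholder.
my %KNOWN = ( acquisition => { map { $_ => 1 } qw(edi_manage placeholder_code) } );

# Constructed sample sources standing in for script files read from disk.
my %SOURCES = (
    'acqui/edifactmsgs.pl' => "flagsrequired => { acquisition => 'edi_manage' },\n",
    'acqui/edimsg.pl'      => "flagsrequired   => { acquisition => 'manage_edi' },\n",
    'acqui/sample_any.pl'  => "flagsrequired => { acquisition => '*' },\n",
    'acqui/sample_typo.pl' => "flagsrequired => { aquisition => 'edi_manage' },\n",
);

# Return one "file: problem" string per flagsrequired entry that names a
# module or sub-permission missing from the allow-list.
sub check_flags {
    my ( $known, $sources ) = @_;
    my @problems;
    for my $file ( sort keys %$sources ) {
        # Body of each flagsrequired => { ... } hash (flat hashes only).
        while ( $sources->{$file} =~ /flagsrequired\s*=>\s*\{([^{}]*)\}/g ) {
            my $body = $1;
            # Pairs look like: module => 'code', module => "code" or module => 1.
            while ( $body =~ /(\w+)\s*=>\s*(?:'([^']*)'|"([^"]*)"|(\w+))/g ) {
                my ( $module, $code ) = ( $1, $2 // $3 // $4 );
                if ( !exists $known->{$module} ) {
                    push @problems, "$file: unknown module '$module'";
                }
                # Assumption: 1 or '*' asks for any permission in the module.
                elsif ( $code ne '1' && $code ne '*' && !$known->{$module}{$code} ) {
                    push @problems, "$file: unknown code '$code' for $module";
                }
            }
        }
    }
    return @problems;
}

my @problems = check_flags( \%KNOWN, \%SOURCES );
print "$_\n" for @problems;
exit( @problems ? 1 : 0 );    # non-zero exit lets a CI job fail on a mismatch
```

A misspelled code fails closed (the user holding the real permission is locked out), so it tends to surface only when someone reports being denied; running a check like this over the script tree finds it before release.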