Koha/admin/fieldmapping.pl
Katrin Fischer 252f4674a5 Bug 14391: Add granular permissions to the administration module
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)

With this patch almost every section of the administration page
will have its own granular permission.

To test:
- Create different staff users:
  1) One with parameters_remaining_permissions
  2) One with parameters
  3) One with catalogue and no parameters
  4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
  1) All subpermissions, but manage_circ_rules
     should be checked
  2) Nothing should have changed
  3) manage_item_serach_fields shoudl be checked
     (page had catalogue permission before)
  4) Nothing should have changed
- Try different settings of the permissions and
  verify that
  - Administration page behaves correctly
  - Administration menu behaves correctly
  ! You shoudl only see what you have permission for

https://bugs.koha-community.org/show_bug.cgi?id=14391

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-07 12:29:32 +00:00

70 lines
2.3 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2009 SARL BibLibre
# Copyright 2017 Koha Development Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth;
use C4::Biblio;
use C4::Output;
use Koha::BiblioFrameworks;
use Koha::FieldMappings;
my $query = new CGI;
my $frameworkcode = $query->param('framework') || "";
my $field = $query->param('fieldname');
my $fieldcode = $query->param('marcfield');
my $subfieldcode = $query->param('marcsubfield');
my $op = $query->param('op') || q{};
my $id = $query->param('id');
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{
template_name => "admin/fieldmapping.tt",
query => $query,
type => "intranet",
authnotrequired => 0,
flagsrequired => { parameters => 'manage_keywords2marc_mappings' },
debug => 1,
}
);
# FIXME Add exceptions
if ( $op eq "delete" and $id ) {
Koha::FieldMappings->find($id)->delete;
} elsif ( $field and $fieldcode ) {
my $params = { frameworkcode => $frameworkcode, field => $field, fieldcode => $fieldcode, subfieldcode => $subfieldcode };
my $exists = Koha::FieldMappings->search( $params )->count;;
unless ( $exists ) {
Koha::FieldMapping->new( $params )->store;
}
}
my $fields = Koha::FieldMappings->search({ frameworkcode => $frameworkcode });
my $frameworks = Koha::BiblioFrameworks->search({}, { order_by => ['frameworktext'] });
my $framework = $frameworks->search( { frameworkcode => $frameworkcode } )->next;
$template->param(
frameworks => $frameworks,
framework => $framework,
fields => $fields,
);
output_html_with_http_headers $query, $cookie, $template->output;