Koha/admin/z3950servers.pl
Katrin Fischer 252f4674a5 Bug 14391: Add granular permissions to the administration module
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)

With this patch almost every section of the administration page
will have its own granular permission.

To test:
- Create different staff users:
  1) One with parameters_remaining_permissions
  2) One with parameters
  3) One with catalogue and no parameters
  4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
  1) All subpermissions, but manage_circ_rules
     should be checked
  2) Nothing should have changed
  3) manage_item_serach_fields shoudl be checked
     (page had catalogue permission before)
  4) Nothing should have changed
- Try different settings of the permissions and
  verify that
  - Administration page behaves correctly
  - Administration menu behaves correctly
  ! You shoudl only see what you have permission for

https://bugs.koha-community.org/show_bug.cgi?id=14391

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-07 12:29:32 +00:00

119 lines
4 KiB
Perl
Executable file

#!/usr/bin/perl
# Copyright 2002 paul.poulain@free.fr
# Copyright 2014 Rijksmuseum
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
# This script is used to maintain the Z3950 servers table.
# Parameter $op is operation: list, new, edit, add_validated, delete_confirmed.
# add_validated saves a validated record and goes to list view.
# delete_confirmed deletes a record and goes to list view.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Context;
use C4::Auth;
use C4::Output;
use Koha::Database;
# Initialize CGI, template, database
my $input = new CGI;
my $op = $input->param('op') || 'list';
my $id = $input->param('id') || 0;
my $type = $input->param('type') || '';
my $searchfield = '';
my ( $template, $loggedinuser, $cookie ) = get_template_and_user( {
template_name => "admin/z3950servers.tt",
query => $input,
type => "intranet",
authnotrequired => 0,
flagsrequired => { parameters => 'manage_search_targets' },
debug => 1,
});
my $script_name = "/cgi-bin/koha/admin/z3950servers.pl";
$template->param( script_name => $script_name );
my $schema = Koha::Database->new()->schema();
# Main code
# First process a confirmed delete, or save a validated record
if( $op eq 'delete_confirmed' && $id ) {
my $server = $schema->resultset('Z3950server')->find($id);
if ( $server ) {
$server->delete;
$template->param( msg_deleted => 1, msg_add => $server->servername );
} else {
$template->param( msg_notfound => 1, msg_add => $id );
}
$id = 0;
} elsif ( $op eq 'add_validated' ) {
my @fields=qw/host port db userid password rank syntax encoding timeout
recordtype checked servername servertype sru_options sru_fields
add_xslt/;
my $formdata = _form_data_hashref( $input, \@fields );
if( $id ) {
my $server = $schema->resultset('Z3950server')->find($id);
if ( $server ) {
$server->update( $formdata );
$template->param( msg_updated => 1, msg_add => $formdata->{servername} );
} else {
$template->param( msg_notfound => 1, msg_add => $id );
}
$id = 0;
} else {
$schema->resultset('Z3950server')->create( $formdata );
$template->param( msg_added => 1, msg_add => $formdata->{servername} );
}
} else {
#use searchfield only in remaining operations
$searchfield = $input->param('searchfield') || '';
}
# Now list multiple records, or edit one record
my $data = [];
if ( $op eq 'add' || $op eq 'edit' ) {
$data = ServerSearch( $schema, $id, $searchfield ) if $searchfield || $id;
delete $data->[0]->{id} if @$data && $op eq 'add'; #cloning record
$template->param( add_form => 1, server => @$data? $data->[0]: undef,
op => $op, type => $op eq 'add'? lc $type: '' );
} else {
$data = ServerSearch( $schema, $id, $searchfield );
$template->param( loop => \@$data, searchfield => $searchfield, id => $id,
op => 'list' );
}
output_html_with_http_headers $input, $cookie, $template->output;
# End of main code
sub ServerSearch { #find server(s) by id or name
my ( $schema, $id, $searchstring )= @_;
my $rs = $schema->resultset('Z3950server')->search(
$id ? { id => $id }: { servername => { like => $searchstring.'%' } },
{ result_class => 'DBIx::Class::ResultClass::HashRefInflator' }
);
return [ $rs->all ];
}
sub _form_data_hashref {
my ( $input, $fieldref ) = @_;
return { map { ( $_ => scalar $input->param($_)//'' ) } @$fieldref };
}