Koha/opac/opac-addbybiblionumber.pl
Marcel de Rooy a58aca056b Bug 18228: Implement the new columns in code
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.

Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
    interface, but one call in the unit test was affected.
[3] Method remove_biblios is significantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
    A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
    be removed.

opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.

opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.

Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).

[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).

[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2017-07-05 13:35:23 -03:00


#!/usr/bin/perl
# Copyright 2000-2002 Katipo Communications
# Copyright 2016 Koha Development Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Biblio;
use C4::Output;
use C4::Auth;
use Koha::Virtualshelves;
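# Request parameters. Every value read here comes straight from the client and
# must be treated as untrusted by the code that consumes it further down.
my $query           = CGI->new;    # direct method call, not indirect-object "new CGI"
my @biblionumbers   = $query->multi_param('biblionumber');
my $selectedshelf   = $query->param('selectedshelf');
my $newshelf        = $query->param('newshelf');
my $shelfnumber     = $query->param('shelfnumber');
my $newvirtualshelf = $query->param('newvirtualshelf');
my $category        = $query->param('category');

# $errcode becomes 1 when creating a new list fails. $authorized starts out
# permissive and is cleared by any branch that refuses the request.
my ( $errcode, $authorized ) = ( 0, 1 );

# Rows (biblionumber, title, author) that are handed to the template.
my @biblios;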
# The lists feature is switched off by system preference: answer with the
# 404 page and stop before any session or template work is done.
unless ( C4::Context->preference('virtualshelves') ) {
    print $query->redirect('/cgi-bin/koha/errors/404.pl');
    exit;
}
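# A single "biblionumber" parameter may carry several ids joined by "/".
if ( @biblionumbers == 1 ) {
    @biblionumbers = split m{/}, $biblionumbers[0];
}

# Keep only plain decimal ids. These values are later passed to add_biblio and
# GetBiblioData and are echoed back through the template; whether those layers
# validate or escape them is not visible in this script, so anything that is
# not a bare number is dropped here.
@biblionumbers =
  grep { defined $_ and $_ =~ /\A[0-9]+\z/ } @biblionumbers;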
# Build the OPAC template and resolve the session for this request.
# NOTE(review): authnotrequired => 0 presumably makes C4::Auth demand a login
# before returning - confirm. The branches further down still test
# $loggedinuser > 0 themselves.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => 'opac-addbybiblionumber.tt',
        query           => $query,
        type            => 'opac',
        authnotrequired => 0,
    }
);
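# Dispatch on what the request asks for:
#   newvirtualshelf - create a list and put the records on it
#   shelfnumber     - add the records to an existing list
#   selectedshelf   - show the form preselected for one list
#   (none of these) - show the form with every list the user may add to
#
# NOTE(review): the first two branches change data based on request parameters
# alone; no anti-CSRF token check is visible in this script. Confirm that one
# is enforced elsewhere before relying on this.
if ($newvirtualshelf) {

    # Accept only the two category values this script knows (1 is used for
    # private lists and 2 for public lists in the searches below), so that no
    # other request value reaches the category column.
    my $list_category =
      ( defined $category and $category =~ /\A[12]\z/ ) ? $category : 0;

    # Public lists may only be created when the system preference allows it.
    my $may_create = $loggedinuser > 0
      && (
        $list_category == 1
        || ( $list_category == 2
            && C4::Context->preference('OpacAllowPublicListCreation') )
      );

    if ($may_create) {
        my $shelf = eval {
            Koha::Virtualshelf->new(
                {
                    shelfname => $newvirtualshelf,
                    category  => $list_category,
                    owner     => $loggedinuser,
                }
            )->store;
        };
        if ( $@ or not $shelf ) {
            $errcode    = 1;
            $authorized = 0;
        } else {
            for my $biblionumber (@biblionumbers) {
                $shelf->add_biblio( $biblionumber, $loggedinuser );
            }

            # Reload the page where you came from
            print $query->header;
            print q{<html><meta http-equiv="refresh" content="0" /><body onload="window.opener.location.reload(true);self.close();"></body></html>};
            exit;
        }
    }

    # NOTE(review): when creation is refused, $authorized stays 1 and the form
    # is rendered again without an error - confirm that this is intended.
} elsif ($shelfnumber) {
    my $shelf = Koha::Virtualshelves->find($shelfnumber);

    # find() returns undef when no list has this id; treat that as a refusal
    # instead of dying on a method call on an undefined value.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        for my $biblionumber (@biblionumbers) {
            $shelf->add_biblio( $biblionumber, $loggedinuser );
        }

        # Close this page and return
        print $query->header;
        print q{<html><meta http-equiv="refresh" content="0" /><body onload="self.close();"></body></html>};
        exit;
    } else {
        $authorized = 0;
    }
} elsif ($selectedshelf) {
    my $shelf = Koha::Virtualshelves->find($selectedshelf);

    # Same guard as above: an unknown id must not reach the permission check.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        $template->param(
            singleshelf => 1,
            shelfnumber => $shelf->shelfnumber,
            shelfname   => $shelf->shelfname,
        );
    } else {
        $authorized = 0;
    }
} else {
    if ( $loggedinuser > 0 ) {

        # Own private lists that the owner is still allowed to change.
        my $private_shelves = Koha::Virtualshelves->search(
            {
                category                => 1,
                owner                   => $loggedinuser,
                allow_change_from_owner => 1,
            },
            { order_by => 'shelfname' }
        );

        # Private lists shared with this user that accept changes from others.
        my $shelves_shared_with_me = Koha::Virtualshelves->search(
            {
                category                            => 1,
                'virtualshelfshares.borrowernumber' => $loggedinuser,
                allow_change_from_others            => 1,
            },
            { join => 'virtualshelfshares', }
        );

        # Public lists: either owned by this user with owner changes allowed,
        # or open to changes from others.
        my $public_shelves = Koha::Virtualshelves->search(
            {
                category => 2,
                -or      => [
                    -and => {
                        allow_change_from_owner => 1,
                        owner                   => $loggedinuser,
                    },
                    allow_change_from_others => 1,
                ],
            },
            { order_by => 'shelfname' }
        );
        $template->param(
            private_shelves                => $private_shelves,
            private_shelves_shared_with_me => $shelves_shared_with_me,
            public_shelves                 => $public_shelves,
        );
    } else {
        $authorized = 0;
    }
}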
# Only a request that was not refused above gets the record details and the
# form settings.
# NOTE(review): title and author are looked up for whatever biblionumber the
# request supplied; no OPAC-visibility filtering is visible here - confirm.
if ($authorized) {
    for my $biblionumber (@biblionumbers) {
        my $data = GetBiblioData($biblionumber);
        my %row  = (
            biblionumber => $biblionumber,
            title        => $data->{title},
            author       => $data->{author},
        );
        push @biblios, \%row;
    }

    my $count = scalar @biblios;
    $template->param(
        multiple => ( $count > 1 ),
        total    => $count,
        biblios  => \@biblios,
    );
    $template->param(
        newshelf                    => $newshelf || 0,
        OpacAllowPublicListCreation => C4::Context->preference('OpacAllowPublicListCreation'),
    );
}

# The outcome flags are always passed on, whether the request was refused or not.
$template->param(
    authorized => $authorized,
    errcode    => $errcode,
);
output_html_with_http_headers( $query, $cookie, $template->output );