Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/includes
History
Marcel de Rooy 9eb80092e3 Bug 14686: Add Upload to Tools menu 
This patch makes sure that the added granular permissions work as
advertised.

Note: The field owner was not included in the Koha::Upload->get response.
The code to verify if a user is allowed to delete an upload, is concentrated
in the template now. When get returns a Koha::Object, this check could be
relocated.

Test plan:
[1] Verify that the current user has permission for tools, or has
    at least upload_general_files.
[2] Do you see Upload in the Tools menu? Follow the link.
[3] Upload a permanent file (with a category).
[4] Do you see the Delete button in the results form?
[5] Make sure that another user has no permission to upload.
[6] Login as that user and check the Tools menu.
    Try the URL [yourserver]/cgi-bin/koha/tools/upload.pl
    You should have no access to the upload form.
[7] Enable upload_general_files for this user. Go to upload and search for
    the upload from step 3. You should not see a Delete button.
[8] Enable upload_manage for this user. Search for the upload again.
    Delete the upload.
[9] Go to upload via the Cataloguing editor (856$u plugin) or add
    parameter "plugin=1" to the URL. You should not see the Tools menu.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-27 16:14:17 +00:00
..
catalogue Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
csv_headers Bug 14636: Item search - improving display 2015-12-30 12:44:26 +00:00
virtualshelves/merge
acquisitions-add-to-basket.inc
acquisitions-menu.inc Bug 7736: Support Ordering via Edifact EDI messages 2016-04-01 20:03:17 +00:00
acquisitions-search.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
acquisitions-toolbar.inc Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet 2015-10-27 10:02:42 -03:00
additem.js.inc
admin-items-search-field-form.inc Bug 15887: Revise layout and behavior of item search fields management 2016-03-02 22:36:17 +00:00
admin-menu.inc Bug 16206: Corrections to templates related new EDI feature 2016-04-20 16:49:46 +00:00
auth-finder-search.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
authorities-search-results.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
authorities-search.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
authorities-toolbar.inc Bug 15381: Remove getauthtypes and getauthtype 2015-12-31 18:59:02 +00:00
authorities.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
authorities_js.inc
av-build-dropbox.inc Bug 16157: Move the selected flag from GetAuthorisedValues to the templates 2016-04-07 00:16:09 +00:00
biblio-default-view.inc
biblio-view-menu.inc
borrower_debarments.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
branch-selector.inc
browser-strings.inc
budgets-active-currency.inc Bug 15049: (followup) Add warning about "No active currency" 2015-12-30 23:34:34 +00:00
budgets-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
budgets-admin-toolbar.inc Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet 2015-10-27 10:02:42 -03:00
calendar.inc Bug 12072: Make datepicker and templates to be aware of dmydot format 2015-11-19 13:15:19 -03:00
cat-menu.inc
cat-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
cat-toolbar.inc Bug 13642 - Adding new features for Dublin Core metadata 2016-01-27 06:23:07 +00:00
cataloging-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
cateditor-ui.inc Bug 15344: Remove unucessary call to GetMemberDetails 2015-12-30 11:53:18 +00:00
cateditor-widgets-marc21.inc Bug 11559: (followup) Fix import bugs, display/parsing issues 2015-10-27 12:18:00 -03:00
checkin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
checkouts-table-footer.inc Bug 14948 - Display amounts right aligned in tables on patron pages 2015-12-30 04:25:51 +00:00
checkouts-table.inc Bug 12920 [QA Followup] - Show override option below checkouts table when allowed 2016-02-24 03:10:20 +00:00
circ-menu.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
circ-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
cities-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
columns_settings.inc Bug 15921: Do not include datatables js/css files twice 2016-03-24 15:50:02 +00:00
contracts-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
currencies-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
datatables-strings.inc
datatables.inc Bug 15921: Do not include datatables js/css files twice 2016-03-24 15:50:02 +00:00
date-format.inc Bug 12072: Make datepicker and templates to be aware of dmydot format 2015-11-19 13:15:19 -03:00
doc-head-close-receipt.inc
doc-head-close.inc Bug 15883 - Upgrade jQuery from v1.7.2 in the staff client 2016-04-20 20:31:58 +00:00
doc-head-open.inc
empty_line.inc
facets.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
form-blocks.inc
format_price.inc
greybox.inc
guided-reports-view.inc
header.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
help-bottom.inc
help-top.inc Bug 15883 - Upgrade jQuery from v1.7.2 in the staff client 2016-04-20 20:31:58 +00:00
home-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
installer-doc-head-close.inc
intranet-bottom.inc Bug 11431: Add additional sound options 2015-11-04 12:32:57 -03:00
intranetstylesheet.inc
labels-toolbar.inc Bug 14915: (QA followup) Switch recent commits from Glyphicons to Font Awesome 2015-10-27 10:04:53 -03:00
letters-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
member-alt-address-style-de.inc Bug 15373: Changing Zip to ZIP on OPAC and Intranet 2015-12-30 16:30:35 +00:00
member-alt-address-style-us.inc Bug 15373: Changing Zip to ZIP on OPAC and Intranet 2015-12-30 16:30:35 +00:00
member-alt-contact-style-de.inc Bug 15373: Changing Zip to ZIP on OPAC and Intranet 2015-12-30 16:30:35 +00:00
member-alt-contact-style-us.inc Bug 15373: Changing Zip to ZIP on OPAC and Intranet 2015-12-30 16:30:35 +00:00
member-display-address-style-de.inc Bug 15542: Change for the German style address format 2016-01-23 19:15:08 +00:00
member-display-address-style-us.inc Bug 15542: Always display the patron's info the same way. 2016-01-23 19:15:08 +00:00
member-main-address-style-de.inc Bug 16157: Move the selected flag from GetAuthorisedValues to the templates 2016-04-07 00:16:09 +00:00
member-main-address-style-us.inc Bug 16157: Move the selected flag from GetAuthorisedValues to the templates 2016-04-07 00:16:09 +00:00
members-menu.inc Bug 14157: Notices tab in the patron record should not depend on EnhancedMessagingPreferences to display 2015-11-05 10:29:15 -03:00
members-toolbar.inc Bug 15096: Export today's checked in barcodes: Display warning if reading history is set to "never" 2016-01-27 06:02:43 +00:00
merge-record-strings.inc Bug 8064: Change the way target record is built. 2015-11-09 15:08:57 -03:00
merge-record.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
messaging-preference-form.inc Bug 14836: Use Koha::PatronCategor[y|ies] in admin/categories.pl 2015-11-05 10:57:40 -03:00
nl-search-form.tt
page-numbers.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
patron-search-box.inc Bug 15706: (follow-up) Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
patron-search.inc Bug 15930: Make patron searches defaulting on 'contain' 2016-04-22 00:31:50 +00:00
patron-title.inc
patron-toolbar.inc Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet 2015-10-27 10:02:42 -03:00
patroncards-errors.inc
patroncards-toolbar.inc Bug 14915: (QA followup) Switch recent commits from Glyphicons to Font Awesome 2015-10-27 10:04:53 -03:00
patrons-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
permissions.inc Bug 14686: Add two granular permission for upload under tools 2016-04-27 16:14:17 +00:00
popup-bottom.inc
prefs-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
prefs-menu.inc Bug 11559: Rancor: advanced cataloging interface 2015-10-27 12:17:39 -03:00
printers-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
quotes-toolbar.inc Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet 2015-10-27 10:02:42 -03:00
quotes-upload-toolbar.inc Bug 14915: (QA followup) Replace fa-hdd with fa-save 2015-10-27 10:03:24 -03:00
reports-menu.inc
reports-toolbar.inc Bug 13132: Add confirm dialog for deleting reports from the reports toolbar 2016-03-31 18:50:54 +00:00
resort_form.inc
rotating-collections-toolbar.inc Bug 15866: Add confirm message for deleting rotating collection from toolbar 2016-03-23 18:02:03 +00:00
search_indexes.inc
serials-menu.inc
serials-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
serials-toolbar.inc Bug 14915: (QA followup) Tweak '+' icon for serials-home 2015-10-27 10:02:51 -03:00
slip-print.inc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
strings.inc Bug 14310 [QA Followup] - Deal with error conditions 2016-01-27 06:20:19 +00:00
subscriptions-search.inc
subtypes_unimarc.inc
suggestions-add-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00
timepicker.inc
tools-item-action.inc
tools-menu.inc Bug 14686: Add Upload to Tools menu 2016-04-27 16:14:17 +00:00
tools-nomatch-action.inc
tools-overlay-action.inc
validator-strings.inc
vendor-menu.inc
virtualshelves-toolbar.inc Bug 15453: Assign the correct shelfid to the download list links 2016-01-07 18:54:34 +00:00
wysiwyg-systempreferences.inc
z3950-admin-search.inc Bug 15706: Changing to circulate_remaining_permissions 2016-02-23 22:38:46 +00:00