Marcel de Rooy
a58aca056b
The two new columns as mentioned in the commit message of the table revision must be used in the codebase now. Highlighting some changes in Koha::VirtualShel[f|ves]: [1] Additional methods is_public and is_private. [2] Method add_biblio did not check permissions. Does now. No impact on the interface, but one call in the unit test was affected. [3] Method remove_biblios is significantly simplified. Removed a FIXME. [4] Method can_biblios_be_removed now redirects to can_biblios_be_added. A followup report may deal with unifying those routines. [5] Condition in get_some_shelves changed. [6] The reference to allow_add in get_shelves_containing_record can simply be removed. opac-shelves.pl and shelves.pl now pass the default setting of Owner only to the template. Templates shelves.tt and opac-shelves.tt now include the new permission field with three choices as mentioned in the table revision patch. opac-addbybiblionumber.pl and addbybiblionumber now need a check on allow_change_from_owner; search conditions slightly adjusted to the new permission scheme. Test plan: When we refer to visibility in the test plan, please check the Add to-combo on opac search results and staff results. And check opac-addbybiblionumber by clicking Save to Lists from opac results. The step 'Check delete' means: open the list in opac and check if you see the Delete button below the entries (only check, do not delete). [ 1] Create private list I01 (perm=Owner) [ 2] Check visibility: Seen. [ 3] Add a book. (Change by owner should be allowed.) [ 4] Check delete: Yes. [ 5] Edit list I01, set perm=Nobody [ 6] Check visibility: Not seen. [ 7] Check delete: No. [ 8] Share list I01 with another patron. [ 9] Check visibility for the other patron: Not seen. [10] Check delete for the other patron: No. [11] Change permission of list I01 to Anyone (by owner). [12] Check visibility for the other patron: Seen. [13] Let other patron add a book (change is allowed). 
[14] Let owner delete the same book again (change allowed). [15] Create public list U01 (perm=Owner) [16] Check visibility: Seen. [17] Add a book. (Change by owner should be allowed.) [18] Login as other user. Check visibility: Not seen. Check delete: No. [19] Change permission of U01 to Nobody (by owner) [20] As owner: Check visibility: Not seen. Check delete: No. [21] As other user: Check visibility: Not seen. Check delete: No. [22] Create public list U02 (perm=Anyone) [23] Add a book by owner. [24] Delete the same book by other user. Add another book. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
#!/usr/bin/perl
# Copyright 2000-2002 Katipo Communications
# Copyright 2016 Koha Development Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Biblio;
use C4::Output;
use C4::Auth;
use Koha::Virtualshelves;
# Request parameters. Every value read here is supplied by the client and
# is untrusted until the checks further down have run.
my $query = CGI->new;

# Records to add to a list. They may arrive as repeated 'biblionumber'
# parameters or as one slash-separated value (expanded later in the script).
my @biblionumbers = $query->multi_param('biblionumber');

# List selectors and the fields used when a new list is requested.
my $selectedshelf   = $query->param('selectedshelf');
my $newshelf        = $query->param('newshelf');
my $shelfnumber     = $query->param('shelfnumber');
my $newvirtualshelf = $query->param('newvirtualshelf');
my $category        = $query->param('category');

# Page state handed to the template at the end: $errcode is set when
# creating a list fails, $authorized is cleared whenever the patron may not
# change the chosen list.
my $errcode    = 0;
my $authorized = 1;
my @biblios;
# Lists are an optional feature: when the 'virtualshelves' preference is
# off, redirect to the 404 page and stop before any further processing.
unless ( C4::Context->preference('virtualshelves') ) {
    print $query->redirect("/cgi-bin/koha/errors/404.pl");
    exit;
}
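# A single 'biblionumber' parameter may carry several record numbers joined
# with '/', so expand it into one entry per record.
if ( scalar(@biblionumbers) == 1 ) {
    @biblionumbers = split m{/}, $biblionumbers[0];
}

# The record numbers come from the request and are later handed to
# add_biblio, GetBiblioData and the template. Keep only plain decimal
# integers so that empty or malformed values never reach those calls.
@biblionumbers = grep { defined($_) && /\A[0-9]+\z/ } @biblionumbers;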
# Load the OPAC template and identify the patron. authnotrequired => 0 is
# passed to C4::Auth; presumably this makes a logged-in session mandatory
# for this page (confirm in get_template_and_user).
my %page_setup = (
    template_name   => "opac-addbybiblionumber.tt",
    query           => $query,
    type            => "opac",
    authnotrequired => 0,
);
my ( $template, $loggedinuser, $cookie ) = get_template_and_user( \%page_setup );
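# Dispatch on what the request asked for:
#   newvirtualshelf - create a new list and add the records to it
#   shelfnumber     - add the records to an existing list
#   selectedshelf   - show the confirmation form for one preselected list
#   (none of these) - show the lists this patron is allowed to add to
#
# NOTE(review): the first two branches change stored data, and no anti-CSRF
# token is checked anywhere in this script. Confirm whether
# get_template_and_user or the submitting form enforces one; if not, these
# branches should require a token before writing.
if ($newvirtualshelf) {

    # The searches further down treat category 1 as private lists and
    # category 2 as public lists. Anything else (including a missing
    # parameter) is normalised to 0 so that it is refused below and never
    # stored.
    my $wanted_category = ( defined $category && $category =~ /\A[12]\z/ ) ? $category : 0;

    # Private lists need a logged-in patron; public lists additionally need
    # the OpacAllowPublicListCreation preference.
    my $may_create = $loggedinuser > 0
      && ( $wanted_category == 1
        || ( $wanted_category == 2 && C4::Context->preference('OpacAllowPublicListCreation') ) );

    if ($may_create) {
        my $shelf = eval {
            Koha::Virtualshelf->new(
                {   shelfname => $newvirtualshelf,
                    category  => $wanted_category,
                    owner     => $loggedinuser,
                }
            )->store;
        };
        if ( $@ or not $shelf ) {

            # store threw or returned nothing: report the failure.
            $errcode    = 1;
            $authorized = 0;
        } else {
            for my $biblionumber (@biblionumbers) {
                $shelf->add_biblio( $biblionumber, $loggedinuser );
            }

            #Reload the page where you came from
            print $query->header;
            print "<html><meta http-equiv=\"refresh\" content=\"0\" /><body onload=\"window.opener.location.reload(true);self.close();\"></body></html>";
            exit;
        }
    } else {

        # Fail closed: a creation request that is not permitted used to fall
        # through with $authorized still set, so the refusal was silent.
        $authorized = 0;
    }
} elsif ($shelfnumber) {
    my $shelf = Koha::Virtualshelves->find($shelfnumber);

    # find() may return nothing for an unknown list number; treat that like
    # a list the patron may not change instead of calling a method on an
    # undefined value.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        for my $biblionumber (@biblionumbers) {
            $shelf->add_biblio( $biblionumber, $loggedinuser );
        }

        #Close this page and return
        print $query->header;
        print "<html><meta http-equiv=\"refresh\" content=\"0\" /><body onload=\"self.close();\"></body></html>";
        exit;
    } else {
        $authorized = 0;
    }
} elsif ($selectedshelf) {
    my $shelf = Koha::Virtualshelves->find($selectedshelf);

    # Same guard as above: an unknown list number is refused, not a crash.
    if ( $shelf and $shelf->can_biblios_be_added($loggedinuser) ) {
        $template->param(
            singleshelf => 1,
            shelfnumber => $shelf->shelfnumber,
            shelfname   => $shelf->shelfname,
        );
    } else {
        $authorized = 0;
    }
} else {
    if ( $loggedinuser > 0 ) {

        # Own private lists, limited to those the owner may still change.
        my $private_shelves = Koha::Virtualshelves->search(
            {   category                => 1,
                owner                   => $loggedinuser,
                allow_change_from_owner => 1,
            },
            { order_by => 'shelfname' }
        );

        # Private lists shared with this patron that allow changes by others.
        my $shelves_shared_with_me = Koha::Virtualshelves->search(
            {   category                            => 1,
                'virtualshelfshares.borrowernumber' => $loggedinuser,
                allow_change_from_others            => 1,
            },
            { join => 'virtualshelfshares', }
        );

        # Public lists: either owned by this patron and changeable by the
        # owner, or open to changes by others.
        my $public_shelves = Koha::Virtualshelves->search(
            {   category => 2,
                -or      => [
                    -and => {
                        allow_change_from_owner => 1,
                        owner                   => $loggedinuser,
                    },
                    allow_change_from_others => 1,
                ],
            },
            { order_by => 'shelfname' }
        );
        $template->param(
            private_shelves                => $private_shelves,
            private_shelves_shared_with_me => $shelves_shared_with_me,
            public_shelves                 => $public_shelves,
        );
    } else {
        $authorized = 0;
    }
}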
# Build the record list and form data only while the patron is still
# allowed to proceed; otherwise the template receives just the flags that
# are set after this block.
#
# NOTE(review): $newshelf is request-controlled and title/author are
# catalogue data; confirm the template escapes them on output.
if ($authorized) {

    # One row per requested record, with the title and author that
    # GetBiblioData returns for it.
    for my $number (@biblionumbers) {
        my $record = GetBiblioData($number);
        my %row    = (
            biblionumber => $number,
            title        => $record->{'title'},
            author       => $record->{'author'},
        );
        push @biblios, \%row;
    }

    my $count = scalar @biblios;
    $template->param(
        multiple => ( $count > 1 ),
        total    => $count,
        biblios  => \@biblios,
    );

    $template->param(
        newshelf                    => $newshelf || 0,
        OpacAllowPublicListCreation => C4::Context->preference('OpacAllowPublicListCreation'),
    );
}
# Pass the final authorisation and error state to the template, then hand
# the query, cookie and rendered page to output_html_with_http_headers.
$template->param(
    authorized => $authorized,
    errcode    => $errcode,
);
output_html_with_http_headers( $query, $cookie, $template->output );