Marcel de Rooy
ccf62d46d7
This last patch activates the check at client side.
If the pref ProtectSuperlibPrivs is enabled, non-superlibs should not be
able to change superlibrarian privileges via the interface.
Test plan:
[1] Enable the pref.
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
and staff_access). Verify that you cannot add or remove superlib
privs.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
191 lines
7.6 KiB
Text
191 lines
7.6 KiB
Text
[% USE Asset %]
|
|
[% USE Branches %]
|
|
[% SET footerjs = 1 %]
|
|
[% PROCESS 'permissions.inc' %]
|
|
[% INCLUDE 'doc-head-open.inc' %]
|
|
<title>Koha › Patrons › Set permissions for [% patron.surname %], [% patron.firstname %]</title>
|
|
[% Asset.css("css/treeview/jquery.treeview.css") %]
|
|
[% INCLUDE 'doc-head-close.inc' %]
|
|
</head>
|
|
|
|
<body id="pat_member-flags" class="pat">
|
|
[% INCLUDE 'header.inc' %]
|
|
[% INCLUDE 'patron-search.inc' %]
|
|
|
|
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/members/members-home.pl">Patrons</a> › Set permissions for [% patron.surname %], [% patron.firstname %]</div>
|
|
|
|
<div id="doc3" class="yui-t2">
|
|
|
|
<div id="bd">
|
|
<div id="yui-main">
|
|
<div class="yui-b">
|
|
[% INCLUDE 'members-toolbar.inc' %]
|
|
|
|
<form method="post" action="/cgi-bin/koha/members/member-flags.pl">
|
|
<input type="hidden" name="csrf_token" value="[% csrf_token %]" />
|
|
<input type="hidden" name="member" id="borrowernumber" value="[% patron.borrowernumber %]" />
|
|
<input type="hidden" name="newflags" value="1" />
|
|
<h1>Set permissions for [% patron.surname %], [% patron.firstname %]</h1>
|
|
<!-- <ul id="permissionstree"><li class="root">All privileges<ul> -->
|
|
<ul id="permissionstree" class="treeview-grey">
|
|
<!-- <li class="folder-close">One level down<ul> -->
|
|
[% FOREACH loo IN loop %]
|
|
[% IF ( loo.expand ) %]
|
|
<li class="open">
|
|
[% ELSE %]
|
|
<li>
|
|
[% END %]
|
|
[% IF ( loo.checked ) %]
|
|
<input type="checkbox" class="flag parent" id="flag-[% loo.bit %]" name="flag" value="[% loo.flag %]" checked="checked" />
|
|
[% ELSE %]
|
|
<input type="checkbox" class="flag parent" id="flag-[% loo.bit %]" name="flag" value="[% loo.flag %]" />
|
|
[% END %]
|
|
<label class="permissioncode" for="flag-[% loo.bit %]">[% loo.flag %]</label>
|
|
<span class="permissiondesc">[% PROCESS main_permissions name=loo.flag %]</span>
|
|
[% IF ( loo.sub_perm_loop ) %]
|
|
<ul id="flag-[% loo.bit %]-children">
|
|
[% FOREACH sub_perm_loo IN loo.sub_perm_loop %]
|
|
<li>
|
|
[% IF ( sub_perm_loo.checked ) %]
|
|
<input type="checkbox" class="flag child" id="[% sub_perm_loo.id %]" name="flag" value="[% sub_perm_loo.perm %]" checked="checked" />
|
|
[% ELSE %]
|
|
<input type="checkbox" class="flag child" id="[% sub_perm_loo.id %]" name="flag" value="[% sub_perm_loo.perm %]" />
|
|
[% END %]
|
|
<label class="permissioncode" for="[% sub_perm_loo.id %]">[% sub_perm_loo.code %]</label>
|
|
<span class="permissiondesc">[% PROCESS sub_permissions name=sub_perm_loo.code %]</span>
|
|
</li>
|
|
[% END %]
|
|
</ul>
|
|
</li>
|
|
[% ELSE %]
|
|
</li>
|
|
[% END %]
|
|
[% END %]
|
|
<!-- </ul></li> -->
|
|
<!-- </ul></li></ul> -->
|
|
</ul>
|
|
|
|
<fieldset class="action"><input type="submit" value="Save" /> <a class="cancel" href="/cgi-bin/koha/members/moremember.pl?borrowernumber=[% patron.borrowernumber %]">Cancel</a></fieldset>
|
|
|
|
</form>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="yui-b">
|
|
[% INCLUDE 'circ-menu.inc' %]
|
|
</div>
|
|
</div>
|
|
|
|
[% MACRO jsinclude BLOCK %]
|
|
[% Asset.js("js/members-menu.js") %]
|
|
[% Asset.js("lib/jquery/plugins/jquery.treeview.pack.js") %]
|
|
<!-- set up tree -->
|
|
<script type="text/javascript">
|
|
$(document).ready(function() {
|
|
$("#permissionstree").treeview({animated: "fast", collapsed: true});
|
|
|
|
// Enforce Superlibrarian Privilege Mutual Exclusivity
|
|
if($('input[id="flag-0"]:checked').length){
|
|
if ($('input[name="flag"]:checked').length > 1){
|
|
alert(_("Inconsistency detected! The superlibrarian privilege is mutually exclusive of other privileges, as it includes them all. This patron's privileges will now be reset to include only superlibrarian."));
|
|
}
|
|
|
|
$('input[name="flag"]').each(function() {
|
|
if($(this).attr('id') != "flag-0"){
|
|
$(this).prop('disabled', true);
|
|
$(this).prop('checked', false);
|
|
}
|
|
});
|
|
}
|
|
|
|
$('input#flag-0').click(function() {
|
|
if($('input[id="flag-0"]:checked').length){
|
|
$('input[name="flag"]').each(function() {
|
|
if($(this).attr('id') != "flag-0"){
|
|
$(this).prop('disabled', true);
|
|
$(this).prop('checked', false);
|
|
}
|
|
});
|
|
}
|
|
else {
|
|
$('input[name="flag"]').each(function() {
|
|
$(this).prop('disabled', false);
|
|
});
|
|
}
|
|
});
|
|
|
|
$(".flag").on("change",function(){
|
|
if( $(this).hasClass("parent") ){
|
|
toggleChildren(this);
|
|
} else {
|
|
toggleParent(this);
|
|
}
|
|
});
|
|
|
|
[% IF disable_superlibrarian_privs %]
|
|
$("input#flag-0").attr("disabled", true);
|
|
$("form").submit(function(e) {
|
|
$("input#flag-0").removeAttr("disabled");
|
|
});
|
|
[% END %]
|
|
});
|
|
|
|
// manage checking/unchecking parent permissions
|
|
var originalChildStates = {}; /* keep track of subpermission checkbox values
|
|
so that user can recover from accidentally
|
|
toggling a parent/module permission */
|
|
function selectChildren(parentInput) {
|
|
var childListId = parentInput.id + '-children';
|
|
var list = document.getElementById(childListId);
|
|
var children = [];
|
|
if (list) {
|
|
var inputs = list.getElementsByTagName('input');
|
|
for (var i = 0; i < inputs.length; i++) {
|
|
if (inputs[i].type == 'checkbox') {
|
|
children.push(inputs[i]);
|
|
}
|
|
}
|
|
}
|
|
return children;
|
|
}
|
|
|
|
function toggleChildren(parentInput) {
|
|
var children = selectChildren(parentInput);
|
|
if (children.length == 0) {
|
|
return;
|
|
}
|
|
var checked = parentInput.checked;
|
|
if (checked && parentInput.parentNode.className == 'expandable') {
|
|
/* expand the tree */
|
|
$(".hitarea", parentInput.parentNode).click();
|
|
}
|
|
for (var i = 0; i < children.length; i++) {
|
|
if (checked) {
|
|
originalChildStates[children[i].id] = children[i].checked;
|
|
children[i].checked = checked;
|
|
} else {
|
|
if (children[i].id in originalChildStates) {
|
|
children[i].checked = originalChildStates[children[i].id];
|
|
} else {
|
|
children[i].checked = checked;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function toggleParent(childInput) {
|
|
originalChildStates[childInput.id] = childInput.checked;
|
|
if (childInput.checked) {
|
|
return;
|
|
}
|
|
var parentId = childInput.parentNode.parentNode.id.replace(/-children$/, '');;
|
|
var parentInput = document.getElementById(parentId);
|
|
if (parentInput) {
|
|
parentInput.checked = false;
|
|
}
|
|
}
|
|
|
|
</script>
|
|
[% END %]
|
|
|
|
[% INCLUDE 'intranet-bottom.inc' %]
|