252f4674a5
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)
With this patch almost every section of the administration page
will have its own granular permission.
To test:
- Create different staff users:
1) One with parameters_remaining_permissions
2) One with parameters
3) One with catalogue and no parameters
4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
1) All subpermissions, but manage_circ_rules
should be checked
2) Nothing should have changed
3) manage_item_serach_fields shoudl be checked
(page had catalogue permission before)
4) Nothing should have changed
- Try different settings of the permissions and
verify that
- Administration page behaves correctly
- Administration menu behaves correctly
! You shoudl only see what you have permission for
https://bugs.koha-community.org/show_bug.cgi?id=14391
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
60 lines
1.8 KiB
Perl
Executable file
60 lines
1.8 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
# Copyright 2013 BibLibre
|
|
#
|
|
# This file is part of Koha
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
# Foundation; either version 3 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with Koha; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
use Modern::Perl;
|
|
use CGI;
|
|
|
|
use C4::Auth;
|
|
use C4::Output;
|
|
|
|
use Koha::Item::Search::Field qw(GetItemSearchField ModItemSearchField);
|
|
|
|
my $cgi = new CGI;
|
|
|
|
my ($template, $borrowernumber, $cookie) = get_template_and_user({
|
|
template_name => 'admin/items_search_field.tt',
|
|
query => $cgi,
|
|
type => 'intranet',
|
|
authnotrequired => 0,
|
|
flagsrequired => { parameters => 'manage_item_search_fields' },
|
|
});
|
|
|
|
my $op = $cgi->param('op') || '';
|
|
my $name = $cgi->param('name');
|
|
|
|
if ($op eq 'mod') {
|
|
my %vars = $cgi->Vars;
|
|
my $field = { name => $name };
|
|
my @params = qw(label tagfield tagsubfield authorised_values_category);
|
|
@$field{@params} = @vars{@params};
|
|
if ( $field->{authorised_values_category} eq '' ) {
|
|
$field->{authorised_values_category} = undef;
|
|
}
|
|
$field = ModItemSearchField($field);
|
|
my $updated = ($field) ? 1 : 0;
|
|
print $cgi->redirect('/cgi-bin/koha/admin/items_search_fields.pl?updated=' . $updated);
|
|
exit;
|
|
}
|
|
|
|
my $field = GetItemSearchField($name);
|
|
|
|
$template->param(
|
|
field => $field,
|
|
);
|
|
|
|
output_html_with_http_headers $cgi, $cookie, $template->output;
|