Koha/admin/printers.pl
Katrin Fischer 252f4674a5 Bug 14391: Add granular permissions to the administration module
So far the administration module only allowed for 2 permissions:
- circulation conditions (manage_circ_rules)
- everything else (parameters_remaining_permissions)

With this patch almost every section of the administration page
will have its own granular permission.

To test:
- Create different staff users:
  1) One with parameters_remaining_permissions
  2) One with parameters
  3) One with catalogue and no parameters
  4) One superlibrarian
- Apply the patch
- Run the database update
- Check the staff users:
  1) All subpermissions, but manage_circ_rules
     should be checked
  2) Nothing should have changed
  3) manage_item_search_fields should be checked
     (page had catalogue permission before)
  4) Nothing should have changed
- Try different settings of the permissions and
  verify that
  - Administration page behaves correctly
  - Administration menu behaves correctly
  ! You should only see what you have permission for

https://bugs.koha-community.org/show_bug.cgi?id=14391

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-07 12:29:32 +00:00


#!/usr/bin/perl
#script to administer the printers table
#written 20/02/2002 by paul.poulain@free.fr
# This software is placed under the gnu General Public License, v2 (http://www.gnu.org/licenses/gpl.html)
# ALGO :
# this script uses an $op to know what to do.
# if $op is empty or none of the values below,
# - the default screen is built (with all records, or filtered data).
# - the user can click on add, modify or delete record.
# if $op=add_form
# - if searchfield is set, this is a modification, so we read the record with that printername
# - builds the add/modify form
# if $op=add_validate
# - the user has just sent data, so we create/modify the record
# if $op=delete_confirm
# - we show the record having printername=$searchfield and ask for deletion confirmation
# if $op=delete_confirmed
# - we delete the record having printername=$searchfield
# Copyright 2000-2002 Katipo Communications
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Context;
use C4::Output;
use C4::Auth;
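# Look up printers whose name starts with the first whitespace-separated
# word of $searchstring.
#
# Parameters:
#   $searchstring - text from the search box; may be undef or empty, in which
#                   case the pattern is just "%" and every printer matches.
#   $type         - accepted so existing callers keep working; not used.
#
# Returns a two-element list: the number of rows found, and an arrayref of
# hashrefs with the keys printername, printqueue and printtype.
sub StringSearch {
    my ( $searchstring, $type ) = @_;

    # The value only ever reaches the database through a bound placeholder,
    # so it is not quote-escaped by hand: manual escaping would add
    # backslashes to the LIKE pattern and obscure that binding is the
    # actual defence against SQL injection.
    my ($prefix) = split ' ', ( $searchstring // '' );
    $prefix //= '';

    # NOTE(review): % and _ typed by the user still act as LIKE wildcards.
    # That only widens a search the caller is already allowed to run, but
    # escape them if a literal match is ever required.
    my $sth = C4::Context->dbh->prepare("
SELECT printername,printqueue,printtype from printers
WHERE (printername like ?) order by printername
");
    $sth->execute("$prefix%");
    my $rows = $sth->fetchall_arrayref( {} );
    return ( scalar(@$rows), $rows );
}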
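# Read the request parameters. Both are normalised to the empty string when
# absent so the substitution and the string comparisons on $op below never
# operate on undef.
my $input       = CGI->new;    # direct method call instead of indirect-object syntax
my $searchfield = $input->param('searchfield') // '';
#my $branchcode=$input->param('branchcode');
my $script_name = "/cgi-bin/koha/admin/printers.pl";
my $op          = $input->param('op') // '';

# Commas are removed from the value that is later used as the printername key.
$searchfield =~ s/\,//g;

# Authenticate the staff user and load the template. authnotrequired => 0
# means an anonymous request does not get past this call.
#
# NOTE(review): '*' appears to accept any sub-permission of the "parameters"
# flag -- confirm in C4::Auth. If so, an account granted a single unrelated
# administration sub-permission can also add, change and delete printers;
# a dedicated sub-permission would fit the granular model better.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => "admin/printers.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { parameters => '*' },
        debug           => 1,
    }
);

# searchfield is echoed back to the page; escaping it is left to the template.
$template->param(
    searchfield => $searchfield,
    script_name => $script_name
);

#start the page and read in includes
my $dbh = C4::Context->dbh;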
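# Dispatch on $op. Every statement below binds request values through
# placeholders; none is interpolated into SQL text.
################## ADD_FORM ##################################
# Used to create the form to add or modify a record
if ( $op eq 'add_form' ) {
    $template->param( add_form => 1 );

    #---- if searchfield is set, it's a modify action, so read values to modify...
    my $data;
    if ($searchfield) {
        my $sth = $dbh->prepare("SELECT printername,printqueue,printtype from printers where printername=?");
        $sth->execute($searchfield);
        $data = $sth->fetchrow_hashref;
    }

    # $data stays undef for a new record or an unknown name; both template
    # values are then undef.
    $template->param(
        printqueue => $data->{'printqueue'},
        printtype  => $data->{'printtype'}
    );

    # END $OP eq ADD_FORM
################## ADD_VALIDATE ##################################
# called by add_form, used to insert/modify data in DB
}
elsif ( $op eq 'add_validate' ) {
    $template->param( add_validate => 1 );

    # Read each field in scalar context. CGI's param() returns a list in list
    # context, so calling it directly inside execute(...) lets a request that
    # repeats or omits a parameter shift which value lands in which
    # placeholder.
    my $printername = $input->param('printername');
    my $printqueue  = $input->param('printqueue');
    my $printtype   = $input->param('printtype');

    # NOTE(review): no CSRF token or request-method check is visible in this
    # script before the write -- confirm one is enforced elsewhere.
    if ( $input->param('add') ) {
        my $sth = $dbh->prepare("INSERT INTO printers (printername,printqueue,printtype) VALUES (?,?,?)");
        $sth->execute( $printername, $printqueue, $printtype );
    }
    else {
        my $sth = $dbh->prepare("UPDATE printers SET printqueue=?,printtype=? WHERE printername=?");
        $sth->execute( $printqueue, $printtype, $printername );
    }

    # END $OP eq ADD_VALIDATE
################## DELETE_CONFIRM ##################################
# called by default form, used to confirm deletion of data in DB
}
elsif ( $op eq 'delete_confirm' ) {
    $template->param( delete_confirm => 1 );
    my $sth = $dbh->prepare("select printername,printqueue,printtype from printers where printername=?");
    $sth->execute($searchfield);
    my $data = $sth->fetchrow_hashref;
    $template->param(
        printqueue => $data->{'printqueue'},
        printtype  => $data->{'printtype'}
    );

    # END $OP eq DELETE_CONFIRM
################## DELETE_CONFIRMED ##################################
# called by delete_confirm, used to effectively confirm deletion of data in DB
}
elsif ( $op eq 'delete_confirmed' ) {
    $template->param( delete_confirmed => 1 );

    # NOTE(review): the delete runs on any request carrying this op value; no
    # CSRF token or request-method check is visible here -- confirm one is
    # enforced elsewhere.
    my $sth = $dbh->prepare("delete from printers where printername=?");
    $sth->execute($searchfield);

    # END $OP eq DELETE_CONFIRMED
################## DEFAULT ###########################################
}
else {    # DEFAULT
    $template->param( else => 1 );
    my ( $count, $results ) = StringSearch( $searchfield, 'web' );
    $template->param( loop => $results );
}    #---- END $OP eq DEFAULT

output_html_with_http_headers $input, $cookie, $template->output;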