From e2f1310f71e2dede935658684f88f80c3e7e49c7 Mon Sep 17 00:00:00 2001
From: Nick Clemens <nick@bywatersolutions.com>
Date: Tue, 23 Jul 2024 13:26:12 +0000
Subject: [PATCH] Bug 37392: can_see_things_from is always checking patron
 visibility

When trying to edit items, we are seeing the button visibility affected by a patron's
permission to view patrons form any library.

This is because can_edit_items_from is calling can_see_things_from - which is ultimately calling
libraries_where_can_see_patrons

That last call should be to libraries_where_can_see_things. This patch corrects that, and passes forward the group feature to check against

To test:

Set up library group:
* Create a library group for library A + B
* Action: Limit item editing by group

Set up test user:
* Create a staff patron with these permissions:
  * catalogue
  * fast_cataloguing
  * edit_items
  * view_borrower_infos_from_any_libraries
  * edit borrowers
* Home library: library A

Set up test items:
* Create a record with 3 items with different home libraries:
  * A
  * B
  * C

We expect the user will be allowed to edit A and B, but not C.

Test:
* Test editing the items with the test user, only A is allowed to be edited.
* Remove the view_borrower_infos_from_any_libraries permission from test user.
* Test editing items now behaves as expected: A + B are allowed, C is not.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
---
 Koha/Patron.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Koha/Patron.pm b/Koha/Patron.pm
index 59bf29d730..7de0d8c800 100644
--- a/Koha/Patron.pm
+++ b/Koha/Patron.pm
@@ -1821,6 +1821,7 @@ sub can_see_patrons_from {
             branchcode => $branchcode,
             permission => 'borrowers',
             subpermission => 'view_borrower_infos_from_any_libraries',
+            group_feature => 'ft_hide_patron_info',
         }
     );
 }
@@ -1848,6 +1849,7 @@ sub can_edit_items_from {
             branchcode    => $branchcode,
             permission    => 'editcatalogue',
             subpermission => 'edit_any_item',
+            group_feature => 'ft_limit_item_editing',
         }
     );
 }
@@ -1922,7 +1924,7 @@ sub can_see_things_from {
         $can = 1;
     } elsif ( $self->has_permission( { $permission => $subpermission } ) ) {
         $can = 1;
-    } elsif ( my @branches = $self->libraries_where_can_see_patrons ) {
+    } elsif ( my @branches = $self->libraries_where_can_see_things($params) ) {
         $can = ( any { $_ eq $branchcode } @branches ) ? 1 : 0;
     }
     return $can;
-- 
2.39.5