From bb750253644e0ba6ea04e36c80088626e8163bf2 Mon Sep 17 00:00:00 2001
From: Galen Charlton
Date: Mon, 30 Dec 2013 16:05:51 +0000
Subject: [PATCH] Bug 7002: fix some invalid superlibrarian permission checks This patch fixes a problem where if a staff user has superlibrarian permissions, but also has module-specific permissions, they are prevent from editing item records that they should be allowed to. To test: [1] Turn on IndependentBranches. [2] Register a superlibrarian staff user at branch A. [3] Give that new account at least one other module-level permission. This cannot be done through the user interface, however, but can be done via SQL: UPDATE borrowers SET flags = 3 WHERE userid = 'XXX'; [4] Log in as that new superlibrarian. [5] Bring up the item details (catalogue/moredetail.pl) page for an item at branch B. Note that there is no 'Edit Item' link. [6] Similarly, try editing that item (cataloging/additem.pl). Note that the edit form forbids you from touching the item. [7] Finally, try editing that item using the Tools | Batch item modification utility. Note that it doesn't allow you to do so. [8] Apply the patch. [9] Repeat steps 5 through 7. This time, the item actions should be allowed. Signed-off-by: Galen Charlton Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Works as described, passes QA script and test suite. Signed-off-by: Galen Charlton
---
 catalogue/moredetail.pl | 2 +-
 cataloguing/additem.pl | 2 +-
 tools/batchMod.pl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/catalogue/moredetail.pl b/catalogue/moredetail.pl
index a92528515e..91877ccb56 100755
--- a/catalogue/moredetail.pl
+++ b/catalogue/moredetail.pl
@@ -175,7 +175,7 @@ foreach my $item (@items){
 if (C4::Context->preference("IndependentBranches")) {
 #verifying rights
 my $userenv = C4::Context->userenv();
- unless (($userenv->{'flags'} == 1) or ($userenv->{'branch'} eq $item->{'homebranch'})) {
+ unless (C4::Context->IsSuperLibrarian() or ($userenv->{'branch'} eq $item->{'homebranch'})) {
 $item->{'nomod'}=1;
 }
 }
diff --git a/cataloguing/additem.pl b/cataloguing/additem.pl
index 5c63aa32f5..268ef66e21 100755
--- a/cataloguing/additem.pl
+++ b/cataloguing/additem.pl
@@ -698,7 +698,7 @@ foreach my $field (@fields) {
 if (($field->tag eq $branchtagfield) && ($subfieldcode eq $branchtagsubfield) && C4::Context->preference("IndependentBranches")) {
 #verifying rights
 my $userenv = C4::Context->userenv();
- unless (($userenv->{'flags'} == 1) or (($userenv->{'branch'} eq $subfieldvalue))){
+ unless (C4::Context->IsSuperLibrarian() or (($userenv->{'branch'} eq $subfieldvalue))){
 $this_row{'nomod'} = 1;
 }
 }
diff --git a/tools/batchMod.pl b/tools/batchMod.pl
index 5069d9170f..97cdab6428 100755
--- a/tools/batchMod.pl
+++ b/tools/batchMod.pl
@@ -506,7 +506,7 @@ sub BuildItemsData{
 if ($itembranchcode && C4::Context->preference("IndependentBranches")) {
 #verifying rights
 my $userenv = C4::Context->userenv();
- unless (($userenv->{'flags'} == 1) or (($userenv->{'branch'} eq $itembranchcode))){
+ unless (C4::Context->IsSuperLibrarian() or (($userenv->{'branch'} eq $itembranchcode))){
 $this_row{'nomod'}=1;
 }
 }
--
2.39.5
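Review bot: In the catalogue/moredetail.pl hunk the only effect of the rights check is `$item->{'nomod'}=1`, which from the visible lines looks like a display flag rather than an enforcement point, and the bare `#verifying rights` comment does not say which. The cataloguing/additem.pl and tools/batchMod.pl hunks follow the same pattern with `$this_row{'nomod'}`. I would replace the comment with something like `# nomod only marks the row read-only for display; the save/delete path must repeat this branch check`. Whether the write paths actually repeat the check is not visible in this diff and is worth confirming, since widening the condition here changes what the UI offers but not what the server accepts. The enclosing `foreach my $item (@items)` loop starts and ends outside the hunk.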
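Review bot: The new condition in the cataloguing/additem.pl hunk keeps the `unless (A or ((B)))` shape with doubled parentheses, which makes a permission test harder to audit than it needs to be. Stating the denial case positively reads more directly: `if (!C4::Context->IsSuperLibrarian() && $userenv->{'branch'} ne $subfieldvalue) {`. The tools/batchMod.pl hunk has the same doubled parentheses around its `eq` comparison and would benefit from the same form. The `foreach my $field (@fields)` loop continues outside the hunk.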
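Review bot: The tools/batchMod.pl hunk is the third hand-written copy of the same superlibrarian-or-same-branch predicate, and the diffstat lists no test file, so nothing here keeps the three copies from drifting apart again. Moving the predicate into one shared helper that takes the item's branch code would leave a single place to audit. A regression test should cover a user whose flags carry the superlibrarian bit plus another module bit (the `flags = 3` case from the test plan). The subject line says "some" checks are fixed, so a search for remaining `{'flags'} == 1` comparisons elsewhere in the tree would show whether any are left. `BuildItemsData` starts and ends outside the hunk.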