From 9cfcd21f24c176cecb743084ee22243aeb44848d Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Tue, 18 Dec 2018 12:05:10 +0000 Subject: [PATCH] Bug 15774: Add permission for managing additional fields To test: 1 - Have three borrowers, one with order_manage permission, one with edit_subscription permisson, andone with both 2 - Apply patch, updatedatabase 3 - Verify all three now have the manage_additional_fields permission 4 - Visit the admin page with these users, they should all see the 'Manage additional fields' link 5 - Click the link 6 - User with order_manage should see 'Order baskest' 7 - User with edit_subscription should see 'Subscriptions' 8 - User with both should see both 9 - Remove the additional permissions from a user - they should see a note about needing additional permissions Signed-off-by: Josef Moravec Signed-off-by: Nick Clemens
---
 admin/additional-fields.pl | 15 ++++++++++++--- ...5774_add_additional_fields_permissions.perl | 18 ++++++++++++++++++ installer/data/mysql/userpermissions.sql | 1 + .../prog/en/includes/admin-menu.inc | 4 ++-- .../prog/en/includes/permissions.inc | 1 + .../prog/en/modules/admin/additional-fields.tt | 12 ++++++++++-- .../prog/en/modules/admin/admin-home.tt | 6 +++++- 7 files changed, 49 insertions(+), 8 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/Bug_15774_add_additional_fields_permissions.perl
diff --git a/admin/additional-fields.pl b/admin/additional-fields.pl
index 5bc722c09d..1b306f1ad7 100755
--- a/admin/additional-fields.pl
+++ b/admin/additional-fields.pl
@@ -26,19 +26,28 @@ use Koha::AdditionalFields; my $input = new CGI; +my %flagsrequired; +$flagsrequired{parameters} = 'manage_additional_fields'; + +my $tablename = $input->param('tablename'); +my $op = $input->param('op') // ( $tablename ? 'list' : 'list_tables' ); + +if( $op ne 'list_tables' ){ + $flagsrequired{acquisition} = 'order_manage' if $tablename eq 'aqbasket'; + $flagsrequired{serials} = 'edit_subscription' if $tablename eq 'subscription'; +} + my ( $template, $loggedinuser, $cookie ) = get_template_and_user( { template_name => "admin/additional-fields.tt", query => $input, type => "intranet", authnotrequired => 0, - flagsrequired => { parameters => 1 }, + flagsrequired => \%flagsrequired, debug => 1, } ); -my $tablename = $input->param('tablename'); -my $op = $input->param('op') // ( $tablename ? 'list' : 'list_tables' ); my $field_id = $input->param('field_id'); my @messages; diff --git a/installer/data/mysql/atomicupdate/Bug_15774_add_additional_fields_permissions.perl b/installer/data/mysql/atomicupdate/Bug_15774_add_additional_fields_permissions.perl new file mode 100644 index 0000000000..314bfdc67a --- /dev/null +++ b/installer/data/mysql/atomicupdate/Bug_15774_add_additional_fields_permissions.perl 
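Review bot: The permission gate added before get_template_and_user fails open for any `tablename` other than the two it names: when `op` is not `list_tables` and `tablename` is neither `aqbasket` nor `subscription`, `%flagsrequired` holds only `parameters => 'manage_additional_fields'`, so no module-specific permission is demanded for the table name the request supplied. Both `tablename` and `op` come straight from `$input->param`, and a request that sends `op` without `tablename` also reaches `$tablename eq 'aqbasket'` with an undefined value. I would drive the check from an allowlist and fall back to the table list for anything not in it, as sketched below. The code that later acts on `$tablename` is outside this hunk, so confirm it ignores the value when `op` is `list_tables`; the sketch also assumes get_template_and_user requires every entry in `flagsrequired`, which is not visible here.

```perl
# Allowlist: table name => [ permission module, subpermission ].
my %permission_for = (
    aqbasket     => [ acquisition => 'order_manage' ],
    subscription => [ serials     => 'edit_subscription' ],
);

if ( $op ne 'list_tables' ) {
    my $required = $permission_for{ $tablename // q{} };
    if ($required) {
        my ( $module, $subpermission ) = @{$required};
        $flagsrequired{$module} = $subpermission;
    }
    else {
        # Unknown or missing table: show the table list rather than
        # continuing with only manage_additional_fields checked.
        $op = 'list_tables';
    }
}
# … unchanged: get_template_and_user call with flagsrequired => \%flagsrequired …
```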
@@ -0,0 +1,18 @@
+$DBversion = 'XXX';
+if( CheckVersion( $DBversion ) ) {
+ $dbh->do( q{
+ INSERT IGNORE INTO permissions (module_bit,code,description)
+ VALUES
+ (3,'manage_additional_fields','Add, edit, or delete additional custom fields for baskets or subscriptions (also requires order_manage or edit_subscription permissions)')
+ });
+ $dbh->do( q{
+ INSERT INTO user_permissions (borrowernumber, module_bit, code)
+ SELECT borrowernumber, 3, 'manage_additional_fields' FROM borrowers WHERE borrowernumber IN (SELECT DISTINCT borrowernumber FROM user_permissions WHERE code = 'order_manage' OR code = 'edit_subscription');
+ });
+ $dbh->do( q{
+ INSERT INTO user_permissions (borrowernumber, module_bit, code)
+ SELECT borrowernumber, 3, 'manage_additional_fields' FROM borrowers WHERE borrowernumber IN (SELECT borrowernumber FROM borrowers WHERE MOD(flags DIV POWER(2,11),2)=1 OR MOD(flags DIV POWER(2,15),2) =1);
+ });
+ SetVersion( $DBversion );
+ print "Upgrade to $DBversion done (Bug 15774 - Add permission for managing additional fields)\n";
+}
diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql
index 16b003ebd5..6876fad8ac 100644
--- a/installer/data/mysql/userpermissions.sql
+++ b/installer/data/mysql/userpermissions.sql
@@ -31,6 +31,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES
 ( 3, 'manage_audio_alerts', 'Manage audio alerts'),
 ( 3, 'manage_usage_stats', 'Manage usage statistics settings'),
 ( 3, 'manage_mana', 'Manage Mana KB content sharing'),
+ ( 3, 'manage_additional_fields', 'Add, edit, or delete additional custom fields for baskets or subscriptions (also requires order_manage or edit_subscription permissions)'),
 ( 4, 'edit_borrowers', 'Add, modify and view patron information'),
 ( 4, 'view_borrower_infos_from_any_libraries', 'View patron infos from any libraries'),
 ( 6, 'place_holds', 'Place holds for patrons'),
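Review bot: In the new atomic update file, the two `INSERT INTO user_permissions … SELECT` statements are plain inserts whose selections overlap: a patron who holds `order_manage` or `edit_subscription` as a granular code and also has module bit 11 or 15 set in `borrowers.flags` is picked up by both, and running the update a second time selects everyone again. Depending on whether `user_permissions` carries a unique key (not visible on this page), that either leaves duplicate `manage_additional_fields` rows or makes the statement fail part-way through a permission grant. Folding both selections into one statement with a `NOT EXISTS` guard keeps the grant idempotent, as below.

```perl
# … unchanged: INSERT IGNORE INTO permissions …
    $dbh->do( q{
        INSERT INTO user_permissions (borrowernumber, module_bit, code)
        SELECT b.borrowernumber, 3, 'manage_additional_fields'
        FROM borrowers b
        WHERE ( b.borrowernumber IN (
                    SELECT borrowernumber FROM user_permissions
                    WHERE code IN ('order_manage', 'edit_subscription') )
                OR MOD(b.flags DIV POWER(2,11),2) = 1
                OR MOD(b.flags DIV POWER(2,15),2) = 1 )
          AND NOT EXISTS (
                SELECT 1 FROM user_permissions up
                WHERE up.borrowernumber = b.borrowernumber
                  AND up.module_bit = 3
                  AND up.code = 'manage_additional_fields' )
    });
# … unchanged: SetVersion and the upgrade message …
```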
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc index b2f32420c7..1677280097 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc @@ -110,7 +110,7 @@ [% END %] - [% IF ( CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || ( CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields_baskets || CAN_user_parameters_manage_additional_fields_subscriptions ) %] + [% IF ( CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || ( CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields ) %]
Additional parameters
    @@ -135,7 +135,7 @@ [% IF ( CAN_user_parameters_manage_mana ) %]
  • Share content with Mana KB
  • [% END %] - [% IF ( CAN_user_parameters_manage_additional_fields_baskets || CAN_user_parameters_manage_additional_fields_subscriptions ) %] + [% IF ( CAN_user_parameters_manage_additional_fields ) %]
  • Additional fields
  • [% END %]
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 9d538a34ad..e014db7395 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -57,6 +57,7 @@ [%- CASE 'manage_didyoumean' -%]Manage Did you mean? configuration [%- CASE 'manage_column_config' -%]Manage column configuration [%- CASE 'manage_audio_alerts' -%]Manage audio alerts + [%- CASE 'manage_additional_fields' -%]Manage additional fields for baskets or subscriptions (requires edit_subscription or order_manage permissions) [%- CASE 'manage_sms_providers' -%]Manage SMS cellular providers [%- CASE 'manage_usage_stats' -%]Manage usage statistics settings [%- CASE 'manage_mana' -%]Manage Mana KB content sharing diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/additional-fields.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/additional-fields.tt index 3b5309cfe4..ad1ebb718d 100755 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/additional-fields.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/additional-fields.tt @@ -64,15 +64,23 @@ [% END %] [% IF op == 'list_tables' %] + [% IF CAN_user_acquisitions_order_manage || CAN_user_serials_edit_subscription %]

Additional fields

Select a table:

[% BLOCK table_option %]
  • [% content | html %] ([% value | html %])
  • [% END %]
      - [% WRAPPER table_option value="aqbasket" %]Order baskets[% END %] - [% WRAPPER table_option value="subscription" %]Subscriptions[% END %] + [% IF CAN_user_acquisition_order_manage %] + [% WRAPPER table_option value="aqbasket" %]Order baskets[% END %] + [% END %] + [% IF CAN_user_serials_edit_subscription %] + [% WRAPPER table_option value="subscription" %]Subscriptions[% END %] + [% END %]
    + [% ELSE %] + Additional permissions in the acquisitions or serials modules are required for editing additional fields + [% END %] [% ELSIF op == 'list' %]

    Additional fields for '[% tablename | html %]'

    [% IF fields %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt index ee1abfc808..a672b69afa 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt @@ -174,7 +174,7 @@ [% END %] - [% IF ( ( CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields_baskets || CAN_user_parameters_manage_additional_fields_subscriptions || CAN_user_parameters_manage_mana ) %] + [% IF ( ( CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields || CAN_user_parameters_manage_mana ) %]
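Review bot: The outer guard added under `op == 'list_tables'` in additional-fields.tt tests `CAN_user_acquisitions_order_manage`, while the inner guard a few lines later and admin/additional-fields.pl both use the module name `acquisition`; the plural form looks like a typo, and a template variable that is never set evaluates as false. A user who has `order_manage` but not `edit_subscription` would then get the "Additional permissions … are required" message instead of the Order baskets entry, which contradicts step 6 of the test plan. Suggested line: `[% IF CAN_user_acquisition_order_manage || CAN_user_serials_edit_subscription %]`. The markup around this block is not fully visible on this page, so only the condition is addressed here.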

    Additional parameters