From b693ea0cd8bd7b781eb43e6ee8bfc8883d8832cb Mon Sep 17 00:00:00 2001 From: Mathieu Saby Date: Thu, 19 Sep 2013 14:12:02 +0200 Subject: [PATCH] Bug 9780: restrict the ability to delete a bib record associated with an order Currently, anyone can delete a record used in an order. With this patch, only librarians with managing order permission can delete it if it is used in an active or a deleted order. This patch also add a specific warning informing that deleting a record used in an active order is dangerous. To test : A. test what can do and see a librarian with order managing rights 0) Connect to Koha with a borrower with order managing rights 1) in a basket, create 2 orders A & B from new records 2) delete order B 3) in the catalogue, try to delete - record used for order A : you should see a specific warning informing you the record is used in 1 order, and that deleting it is dangerous - record used for order B : you should see a specific warning informing you the record is used in 1 deleted order - a record not used in any order : you should see no specific warning B. test what can do and see a librarian without order managing rights 4) Connect to Koha with a borrower without order managing rights 5) in a basket, create 2 orders A & B from new records 6) delete order B 7) in the catalogue, try to delete - record used for order A : you should see a specific warning informing you that you need specific rights to delete the record - record used for order B : idem - a record not used in any order : you should see no specific warning Signed-off-by: Pierre Angot Signed-off-by: Paul Poulain Signed-off-by: Galen Charlton --- catalogue/detail.pl | 32 +++++++++++++++++++ .../prog/en/includes/cat-toolbar.inc | 23 ++++++++++--- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/catalogue/detail.pl b/catalogue/detail.pl index 60ac611325..955dbf5e1b 100755 --- a/catalogue/detail.pl +++ b/catalogue/detail.pl @@ -42,6 +42,7 @@ use C4::Images; use Koha::DateUtils; use C4::HTML5Media; use C4::CourseReserves qw(GetItemCourseReservesInfo); +use C4::Acquisition qw(GetOrdersByBiblionumber); # use Smart::Comments; @@ -430,4 +431,35 @@ if ($StaffDetailItemSelection) { } } +my @allorders_using_biblio = GetOrdersByBiblionumber ($biblionumber); +my @deletedorders_using_biblio; +my @orders_using_biblio; +my @baskets_orders; +my @baskets_deletedorders; + +foreach my $myorder (@allorders_using_biblio) { + my $basket = $myorder->{'basketno'}; + if ((defined $myorder->{'datecancellationprinted'}) and ($myorder->{'datecancellationprinted'} ne '0000-00-00') ){ + push @deletedorders_using_biblio, $myorder; + unless (grep(/^$basket$/, @baskets_deletedorders)){ + push @baskets_deletedorders,$myorder->{'basketno'}; + } + } + else { + push @orders_using_biblio, $myorder; + unless (grep(/^$basket$/, @baskets_orders)){ + push @baskets_orders,$myorder->{'basketno'}; + } + } +} + +my $count_orders_using_biblio = scalar @orders_using_biblio ; +$template->param (countorders => $count_orders_using_biblio); + +my $count_deletedorders_using_biblio = scalar @deletedorders_using_biblio ; +$template->param (countdeletedorders => $count_deletedorders_using_biblio); + +$template->param (basketsorders => \@baskets_orders); +$template->param (basketsdeletedorders => \@baskets_deletedorders); + output_html_with_http_headers $query, $cookie, $template->output; diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc index 553d9ae744..2c6f350f12 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc @@ -31,16 +31,31 @@ function confirm_deletion() { var count = [% count %]; var holdcount = [% holdcount %]; - + var countorders = [% countorders %]; + var countdeletedorders = [% countdeletedorders %]; var is_confirmed; if (count > 0){ is_confirmed = alert( count + " " +_("item(s) are attached to this record. You must delete all items before deleting this record.") ); - } else if ( holdcount > 0 ) { - is_confirmed = confirm( holdcount + " " + _("hold(s) on this record. Are you sure you want to delete this record?.")); + } + else if (countorders > 0){ + [% IF ( CAN_user_acquisition_order_manage ) %] + is_confirmed = confirm( _("Warning: This record is used in")+" "+ countorders + " " +_("order(s). Deleting it could cause serious issues on acquisition module.\nAre you sure you want to delete this record?") ); + [% ELSE %] + is_confirmed = alert( countorders + " " +_("order(s) are using this record.\nYou need order managing permissions to delete this record.") ); + [% END %] + } + else if (countdeletedorders > 0){ + [% IF ( CAN_user_acquisition_order_manage ) %] + is_confirmed = confirm( countdeletedorders + " " +_("deleted order(s) are using this record.\nAre you sure you want to delete this record?") ); + [% ELSE %] + is_confirmed = alert( countdeletedorders + " " +_("deleted order(s) are using this record.\nYou need order managing permissions to delete this record.") ); + [% END %] + } + else if ( holdcount > 0 ) { + is_confirmed = confirm( holdcount + " " + _("holds(s) for this record.\nAre you sure you want to delete this record?")); } else { is_confirmed = confirm(_("Are you sure you want to delete this record?")); } - if (is_confirmed) { if ( count > 0 || holdcount > 0 ){ return false; -- 2.39.5