From acfe7fac54fa91231bb5436284d3c9d2693145fb Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 26 Aug 2015 14:24:25 +0100
Subject: [PATCH] Bug 14544: Fix regression on adding a new list

The user should not be allowed to create a new list and get a friendly
error message if he tries.

The "New list" links are removed.

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 .../bootstrap/en/modules/opac-shelves.tt      | 15 +++++--
 opac/opac-shelves.pl                          | 45 ++++++++++---------
 2 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
index d86636a8fc..9ae89276ea 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
@@ -132,6 +132,8 @@
                         This item does not exist.
                     [% CASE 'unauthorized_on_view' %]
                         You do not have permission to view this list.
+                    [% CASE 'unauthorized_on_insert' %]
+                        You do not have permission to insert a new list.
                     [% CASE 'unauthorized_on_update' %]
                         You do not have permission to update this list.
                     [% CASE 'unauthorized_on_delete' %]
@@ -638,8 +640,15 @@
                             <div id="publicshelves" class="ui-tabs-panel ui-widget-content ui-corner-bottom" style="display:block;">
                         [% END %]
 
-                            <div id="toolbar" class="toolbar"><a class="newshelf" href="/cgi-bin/koha/opac-shelves.pl?op=add_form">New list</a></div>
-                            [% IF shelves %]
+                            [% IF loggedinusername %]
+                                <div id="toolbar" class="toolbar"><a class="newshelf" href="/cgi-bin/koha/opac-shelves.pl?op=add_form">New list</a></div>
+                            [% ELSE %]
+                                [% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
+                                    <div class="alert alert-info"><a href="/cgi-bin/koha/opac-user.pl">Log in</a> to create new lists.</div>
+                                [% END %]
+                            [% END %]
+
+                            [% IF shelves.count %]
                                 <table class="table">
                                     <thead>
                                         <tr>
@@ -702,7 +711,7 @@
                             [% ELSE %]
                                 [% IF category == PUBLIC %]
                                     <p>No public lists.</p>
-                                [% ELSE %]
+                                [% ELSIF loggedinusernumber %]
                                     <p>No private lists.</p>
                                 [% END %]
                             [% END %]
diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl
index 63dc402297..e4e4eaa6d0 100755
--- a/opac/opac-shelves.pl
+++ b/opac/opac-shelves.pl
@@ -63,27 +63,32 @@ if ( $op eq 'add_form' ) {
         push @messages, { type => 'error', code => 'does_not_exist' };
     }
 } elsif ( $op eq 'add' ) {
-    eval {
-        $shelf = Koha::Virtualshelf->new(
-            {   shelfname          => $query->param('shelfname'),
-                sortfield          => $query->param('sortfield'),
-                category           => $query->param('category') || 1,
-                allow_add          => $query->param('allow_add'),
-                allow_delete_own   => $query->param('allow_delete_own'),
-                allow_delete_other => $query->param('allow_delete_other'),
-                owner              => $query->param('owner'),
-            }
-        );
-        $shelf->store;
-        $shelfnumber = $shelf->shelfnumber;
-    };
-    if ($@) {
-        push @messages, { type => 'error', code => ref($@), msg => $@ };
-    } elsif ( not $shelf ) {
-        push @messages, { type => 'error', code => 'error_on_insert' };
+    if ( $loggedinuser ) {
+        eval {
+            $shelf = Koha::Virtualshelf->new(
+                {   shelfname          => $query->param('shelfname'),
+                    sortfield          => $query->param('sortfield'),
+                    category           => $query->param('category') || 1,
+                    allow_add          => $query->param('allow_add'),
+                    allow_delete_own   => $query->param('allow_delete_own'),
+                    allow_delete_other => $query->param('allow_delete_other'),
+                    owner              => $loggedinuser,
+                }
+            );
+            $shelf->store;
+            $shelfnumber = $shelf->shelfnumber;
+        };
+        if ($@) {
+            push @messages, { type => 'error', code => ref($@), msg => $@ };
+        } elsif ( not $shelf ) {
+            push @messages, { type => 'error', code => 'error_on_insert' };
+        } else {
+            push @messages, { type => 'message', code => 'success_on_insert' };
+            $op = 'view';
+        }
     } else {
-        push @messages, { type => 'message', code => 'success_on_insert' };
-        $op = 'view';
+        push @messages, { type => 'error', code => 'unauthorized_on_insert' };
+        $op = 'list';
     }
 } elsif ( $op eq 'edit' ) {
     $shelfnumber = $query->param('shelfnumber');
-- 
2.20.1