From fc6ccb1a616c96e8cddf57efd2195a0bec7bc976 Mon Sep 17 00:00:00 2001
From: Galen Charlton <galen.charlton@liblime.com>
Date: Thu, 10 Apr 2008 11:37:47 -0500
Subject: [PATCH] granular permissions - updated Tools

Updated all scripts appearing on the tools page
to respect a granular permission defined for
each of them.

The tools menu and home page have been changed so
that only the specific tools that a user has
access are displayed.  This is simple, but depending on
the module and circumstance, it may be better to
display functions that the user has does not have
access to, but disable the links and do some sort
of visual styling to indicate that a function exists
but requires additional privileges to access.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
---
 .../prog/en/includes/tools-menu.inc           | 30 +++++++++++++++++++
 reviews/reviewswaiting.pl                     |  2 +-
 tools/background-job-progress.pl              |  2 +-
 tools/cleanborrowers.pl                       |  2 +-
 tools/export.pl                               |  2 +-
 tools/holidays.pl                             |  2 +-
 tools/import_borrowers.pl                     |  2 +-
 tools/inventory.pl                            |  2 +-
 tools/koha-news.pl                            |  2 +-
 tools/letter.pl                               |  2 +-
 tools/manage-marc-import.pl                   |  2 +-
 tools/overduerules.pl                         |  2 +-
 tools/picture-upload.pl                       |  2 +-
 tools/scheduler.pl                            |  2 +-
 tools/stage-marc-import.pl                    |  2 +-
 tools/tools-home.pl                           |  2 +-
 tools/upload-file-progress.pl                 |  2 +-
 tools/upload-file.pl                          |  2 +-
 tools/viewlog.pl                              |  2 +-
 19 files changed, 48 insertions(+), 18 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
index cf130fdf43..d123d55720 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
@@ -7,19 +7,49 @@
 </script>
 <div id="navmenu"><ul id="navmenulist">
 	<li><a href="/cgi-bin/koha/tools/tools-home.pl">Tools Home</a></li>
+    <!-- TMPL_IF NAME="CAN_user_tools_edit_news" -->
 	<li><a href="/cgi-bin/koha/tools/koha-news.pl">News</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_label_creator" -->
 	<li><a href="/cgi-bin/koha/labels/label-home.pl">Labels (spine and barcode)</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_edit_calendar" -->
 	<li><a href="/cgi-bin/koha/tools/holidays.pl">Calendar</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_edit_notices" -->
 	<li><a href="/cgi-bin/koha/tools/letter.pl">Notices</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_edit_notice_status_triggers" -->
 	<li><a href="/cgi-bin/koha/tools/overduerules.pl">Notice/status triggers</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_moderate_comments" -->
 	<li><a href="/cgi-bin/koha/reviews/reviewswaiting.pl">Moderate OPAC comments</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_view_system_logs" -->
 	<li><a href="/cgi-bin/koha/tools/viewlog.pl">Log viewer</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_inventory" -->
 	<li><a href="/cgi-bin/koha/tools/inventory.pl">Inventory/stocktaking</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_stage_marc_import" -->
 	<li><a href="/cgi-bin/koha/tools/stage-marc-import.pl">MARC Import (staging)</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_manage_staged_marc" -->
 	<li><a href="/cgi-bin/koha/tools/manage-marc-import.pl">MARC Import (managing batches)</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_export_catalog" -->
 	<li><a href="/cgi-bin/koha/tools/export.pl">Export bibs/holdings</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_import_patrons" -->
 	<li><a href="/cgi-bin/koha/tools/import_borrowers.pl">Import patrons</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_delete_anonymize_patrons" -->
 	<li><a href="/cgi-bin/koha/tools/cleanborrowers.pl">Patrons (anonomize, bulk-delete)</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_batch_upload_patron_images" -->
 	<li><a href="/cgi-bin/koha/tools/picture-upload.pl">Upload Patron Images</a></li>
+    <!-- /TMPL_IF -->
+    <!-- TMPL_IF NAME="CAN_user_tools_schedule_tasks" -->
 	<li><a href="/cgi-bin/koha/tools/scheduler.pl">Task Scheduler</a></li>
+    <!-- /TMPL_IF -->
 </ul></div>
diff --git a/reviews/reviewswaiting.pl b/reviews/reviewswaiting.pl
index aa3903e357..de076a6782 100755
--- a/reviews/reviewswaiting.pl
+++ b/reviews/reviewswaiting.pl
@@ -31,7 +31,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $query,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { catalogue => 1 },
+        flagsrequired   => { tools => 'moderate_comments' },
         debug           => 1,
     }
 );
diff --git a/tools/background-job-progress.pl b/tools/background-job-progress.pl
index 9219e4eac2..02266ee424 100755
--- a/tools/background-job-progress.pl
+++ b/tools/background-job-progress.pl
@@ -31,7 +31,7 @@ use CGI::Cookie; # need to check cookies before
 
 my $input = new CGI;
 my %cookies = fetch CGI::Cookie;
-my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => 1 });
+my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
 if ($auth_status ne "ok") {
     my $reply = CGI->new("");
     print $reply->header(-type => 'text/html');
diff --git a/tools/cleanborrowers.pl b/tools/cleanborrowers.pl
index ad6f2a8620..ddfb7e36ee 100755
--- a/tools/cleanborrowers.pl
+++ b/tools/cleanborrowers.pl
@@ -59,7 +59,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $cgi,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1, catalogue => 1 },
+        flagsrequired   => { tools => 'delete_anonymize_patrons', catalogue => 1 },
     }
 );
 
diff --git a/tools/export.pl b/tools/export.pl
index 1fb1dae67a..aee9e32cb4 100755
--- a/tools/export.pl
+++ b/tools/export.pl
@@ -155,7 +155,7 @@ else {
             query => $query,
             type => "intranet",
             authnotrequired => 0,
-            flagsrequired => {tools => 1},
+            flagsrequired => {tools => 'export_catalog'},
             debug => 1,
          }
     );
diff --git a/tools/holidays.pl b/tools/holidays.pl
index d2f61e5b60..c87964aed6 100755
--- a/tools/holidays.pl
+++ b/tools/holidays.pl
@@ -38,7 +38,7 @@ my ($template, $loggedinuser, $cookie)
                              type => "intranet",
                              query => $input,
                              authnotrequired => 0,
-                             flagsrequired => {tools => 1},
+                             flagsrequired => {tools => 'edit_calendar'},
                              debug => 1,
                            });
 
diff --git a/tools/import_borrowers.pl b/tools/import_borrowers.pl
index 30200d4fae..db448ab0f9 100755
--- a/tools/import_borrowers.pl
+++ b/tools/import_borrowers.pl
@@ -66,7 +66,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1 },
+        flagsrequired   => { tools => 'import_patrons' },
         debug           => 1,
     }
 );
diff --git a/tools/inventory.pl b/tools/inventory.pl
index f123163819..a144b17ff9 100755
--- a/tools/inventory.pl
+++ b/tools/inventory.pl
@@ -50,7 +50,7 @@ my ($template, $borrowernumber, $cookie)
                 query => $input,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {tools => 1},
+                flagsrequired => {tools => 'inventory'},
                 debug => 1,
                 });
 
diff --git a/tools/koha-news.pl b/tools/koha-news.pl
index b0196d23f6..5da0926cc6 100755
--- a/tools/koha-news.pl
+++ b/tools/koha-news.pl
@@ -49,7 +49,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
         query           => $cgi,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1 },
+        flagsrequired   => { tools => 'edit_news' },
         debug           => 1,
     }
 );
diff --git a/tools/letter.pl b/tools/letter.pl
index 5429b24270..160aa97c21 100755
--- a/tools/letter.pl
+++ b/tools/letter.pl
@@ -82,7 +82,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1 },
+        flagsrequired   => { tools => 'edit_notices' },
         debug           => 1,
     }
 );
diff --git a/tools/manage-marc-import.pl b/tools/manage-marc-import.pl
index 7dcef8aab3..2501a6bc6c 100755
--- a/tools/manage-marc-import.pl
+++ b/tools/manage-marc-import.pl
@@ -52,7 +52,7 @@ my ($template, $loggedinuser, $cookie)
                  query => $input,
                  type => "intranet",
                  authnotrequired => 0,
-                 flagsrequired => {parameters => 1},
+                 flagsrequired => {tools => 'manage_staged_marc'},
                  debug => 1,
                  });
 
diff --git a/tools/overduerules.pl b/tools/overduerules.pl
index f63f581016..668a69ef03 100755
--- a/tools/overduerules.pl
+++ b/tools/overduerules.pl
@@ -41,7 +41,7 @@ my ($template, $loggedinuser, $cookie)
                             query => $input,
                             type => "intranet",
                             authnotrequired => 0,
-                            flagsrequired => {parameters => 1, tools => 1},
+                            flagsrequired => {parameters => 1, tools => 'edit_notice_status_triggers'},
                             debug => 1,
                             });
 my $err=0;
diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index d96149209e..68684fbee0 100755
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -37,7 +37,7 @@ my ($template, $loggedinuser, $cookie)
 					query => $input,
 					type => "intranet",
 					authnotrequired => 0,
-					flagsrequired => {management => 1, tools => 1},
+					flagsrequired => {management => 1, tools => 'batch_upload_patron_images'},
 					debug => 0,
 					});
 
diff --git a/tools/scheduler.pl b/tools/scheduler.pl
index 2d75bcec63..779098bd8e 100755
--- a/tools/scheduler.pl
+++ b/tools/scheduler.pl
@@ -36,7 +36,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 		query           => $input,
 		type            => "intranet",
 		authnotrequired => 0,
-		flagsrequired   => { editcatalogue => 1 },
+		flagsrequired   => { tools => 'schedule_tasks' },
 		debug           => 1,
 	    }
 	);
diff --git a/tools/stage-marc-import.pl b/tools/stage-marc-import.pl
index 3075c525ce..b926da643d 100755
--- a/tools/stage-marc-import.pl
+++ b/tools/stage-marc-import.pl
@@ -58,7 +58,7 @@ my ($template, $loggedinuser, $cookie)
 					query => $input,
 					type => "intranet",
 					authnotrequired => 0,
-					flagsrequired => {tools => 1},
+					flagsrequired => {tools => 'stage_marc_import'},
 					debug => 1,
 					});
 
diff --git a/tools/tools-home.pl b/tools/tools-home.pl
index cca60e9a07..c49d2e7ba9 100755
--- a/tools/tools-home.pl
+++ b/tools/tools-home.pl
@@ -27,7 +27,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $query,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1 },
+        flagsrequired   => { tools => '*' },
         debug           => 1,
     }
 );
diff --git a/tools/upload-file-progress.pl b/tools/upload-file-progress.pl
index a89a62f563..a441a5a0d5 100755
--- a/tools/upload-file-progress.pl
+++ b/tools/upload-file-progress.pl
@@ -30,7 +30,7 @@ use CGI::Cookie; # need to check cookies before
                  # having CGI parse the POST request
 
 my %cookies = fetch CGI::Cookie;
-my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => 1 });
+my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
 if ($auth_status ne "ok") {
     my $reply = CGI->new("");
     print $reply->header(-type => 'text/html');
diff --git a/tools/upload-file.pl b/tools/upload-file.pl
index 1c11a04fc5..a1c3c0229f 100755
--- a/tools/upload-file.pl
+++ b/tools/upload-file.pl
@@ -38,7 +38,7 @@ use C4::UploadedFile;
 # have been created.
 
 my %cookies = fetch CGI::Cookie;
-my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => 1 });
+my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
 if ($auth_status ne "ok") {
     $auth_status = 'denied' if $auth_status eq 'failed';
     send_reply($auth_status, "");
diff --git a/tools/viewlog.pl b/tools/viewlog.pl
index b5505d2e5e..737e73e7f4 100755
--- a/tools/viewlog.pl
+++ b/tools/viewlog.pl
@@ -64,7 +64,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { tools => 1 },
+        flagsrequired   => { tools => 'view_system_logs' },
         debug           => 1,
     }
 );
-- 
2.39.5