From d2052311cb232f98c801eb52d602b8970b38bc26 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 12 Nov 2012 14:15:42 +0100 Subject: [PATCH] Bug 8435: add permission to enable editing other library's serials if IndependantBranches is on In the serial module, we want to hide serials from others libraries. However, to permit central serials manage, this patch introduces a new permission, 'superserials'. If a staff member has this permission, that person can override the restriction. Test plan: - Switch on the IndependantBranches syspref - Add the permission 'superserials' for a patron and test you can navigate and see all serials - Remove this permission and test you cannot manage/view subscriptions from others libraries Signed-off-by: Frederic Durand Signed-off-by: Katrin Fischer Signed-off-by: Galen Charlton --- C4/Auth.pm | 4 +- C4/Serials.pm | 116 ++++++++---------- .../mysql/de-DE/mandatory/userpermissions.sql | 1 + .../mysql/en/mandatory/userpermissions.sql | 1 + .../mysql/es-ES/mandatory/userpermissions.sql | 1 + .../fr-FR/1-Obligatoire/userpermissions.sql | 1 + .../mysql/it-IT/necessari/userpermissions.sql | 1 + .../nb-NO/1-Obligatorisk/userpermissions.sql | 1 + .../mysql/pl-PL/mandatory/userpermissions.sql | 1 + .../mandatory/permissions_and_user_flags.sql | 1 + .../mandatory/permissions_and_user_flags.sql | 1 + installer/data/mysql/updatedatabase.pl | 6 + .../prog/en/modules/serials/serials-search.tt | 10 +- serials/serials-collection.pl | 4 +- serials/serials-edit.pl | 1 + serials/serials-search.pl | 6 +- serials/subscription-add.pl | 17 ++- serials/subscription-detail.pl | 33 ++--- 18 files changed, 100 insertions(+), 106 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index d73edaf5f7..9801f7691a 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1615,7 +1615,6 @@ sub getuserflags { $userflags->{$flag} = 0; } } - # get subpermissions and merge with top-level permissions my $user_subperms = get_user_subpermissions($userid); foreach my $module (keys %$user_subperms) { @@ -1711,7 +1710,8 @@ sub haspermission { my ($userid, $flagsrequired) = @_; my $sth = C4::Context->dbh->prepare("SELECT flags FROM borrowers WHERE userid=?"); $sth->execute($userid); - my $flags = getuserflags($sth->fetchrow(), $userid); + my $row = $sth->fetchrow(); + my $flags = getuserflags($row, $userid); if ( $userid eq C4::Context->config('user') ) { # Super User Account from /etc/koha.conf $flags->{'superlibrarian'} = 1; diff --git a/C4/Serials.pm b/C4/Serials.pm index 86f3c0b6f5..72d6badfa1 100644 --- a/C4/Serials.pm +++ b/C4/Serials.pm @@ -20,6 +20,7 @@ package C4::Serials; use Modern::Perl; +use C4::Context; use C4::Dates qw(format_date format_date_in_iso); use Date::Calc qw(:all); use POSIX qw(strftime setlocale LC_TIME); @@ -228,15 +229,7 @@ sub GetSerialInformation { my ($serialid) = @_; my $dbh = C4::Context->dbh; my $query = qq| - SELECT serial.*, serial.notes as sernotes, serial.status as serstatus,subscription.*,subscription.subscriptionid as subsid |; - if ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{'flags'} != 1 - && C4::Context->userenv->{'branch'} ) { - $query .= " - , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit "; - } - $query .= qq| + SELECT serial.*, serial.notes as sernotes, serial.status as serstatus,subscription.*,subscription.subscriptionid as subsid FROM serial LEFT JOIN subscription ON subscription.subscriptionid=serial.subscriptionid WHERE serialid = ? |; @@ -275,6 +268,7 @@ sub GetSerialInformation { $data->{ "status" . $data->{'serstatus'} } = 1; $data->{'subscriptionexpired'} = HasSubscriptionExpired( $data->{'subscriptionid'} ) && $data->{'status'} == 1; $data->{'abouttoexpire'} = abouttoexpire( $data->{'subscriptionid'} ); + $data->{cannotedit} = not can_edit_subscription( $data ); return $data; } @@ -339,15 +333,7 @@ sub GetSubscription { subscriptionhistory.*, aqbooksellers.name AS aqbooksellername, biblio.title AS bibliotitle, - subscription.biblionumber as bibnum); - if ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{'flags'} != 1 - && C4::Context->userenv->{'branch'} ) { - $query .= " - , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit "; - } - $query .= qq( + subscription.biblionumber as bibnum FROM subscription LEFT JOIN subscriptionhistory ON subscription.subscriptionid=subscriptionhistory.subscriptionid LEFT JOIN aqbooksellers ON subscription.aqbooksellerid=aqbooksellers.id @@ -355,16 +341,12 @@ sub GetSubscription { WHERE subscription.subscriptionid = ? ); - # if (C4::Context->preference('IndependentBranches') && - # C4::Context->userenv && - # C4::Context->userenv->{'flags'} != 1){ - # # $debug and warn "flags: ".C4::Context->userenv->{'flags'}; - # $query.=" AND subscription.branchcode IN ('".C4::Context->userenv->{'branch'}."',\"\")"; - # } $debug and warn "query : $query\nsubsid :$subscriptionid"; my $sth = $dbh->prepare($query); $sth->execute($subscriptionid); - return $sth->fetchrow_hashref; + my $subscription = $sth->fetchrow_hashref; + $subscription->{cannotedit} = not can_edit_subscription( $subscription ); + return $subscription; } =head2 GetFullSubscription @@ -391,15 +373,7 @@ sub GetFullSubscription { aqbooksellers.name as aqbooksellername, biblio.title as bibliotitle, subscription.branchcode AS branchcode, - subscription.subscriptionid AS subscriptionid |; - if ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{'flags'} != 1 - && C4::Context->userenv->{'branch'} ) { - $query .= " - , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit "; - } - $query .= qq| + subscription.subscriptionid AS subscriptionid FROM serial LEFT JOIN subscription ON (serial.subscriptionid=subscription.subscriptionid ) @@ -413,7 +387,11 @@ sub GetFullSubscription { $debug and warn "GetFullSubscription query: $query"; my $sth = $dbh->prepare($query); $sth->execute($subscriptionid); - return $sth->fetchall_arrayref( {} ); + my $subscriptions = $sth->fetchall_arrayref( {} ); + for my $subscription ( @$subscriptions ) { + $subscription->{cannotedit} = not can_edit_subscription( $subscription ); + } + return $subscriptions; } =head2 PrepareSerialsData @@ -514,13 +492,6 @@ sub GetSubscriptionsFromBiblionumber { $subs->{ "periodicity" . $subs->{periodicity} } = 1; $subs->{ "numberpattern" . $subs->{numberpattern} } = 1; $subs->{ "status" . $subs->{'status'} } = 1; - $subs->{'cannotedit'} = - ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{flags} % 2 != 1 - && C4::Context->userenv->{branch} - && $subs->{branchcode} - && ( C4::Context->userenv->{branch} ne $subs->{branchcode} ) ); if ( $subs->{enddate} eq '0000-00-00' ) { $subs->{enddate} = ''; @@ -529,6 +500,7 @@ sub GetSubscriptionsFromBiblionumber { } $subs->{'abouttoexpire'} = abouttoexpire( $subs->{'subscriptionid'} ); $subs->{'subscriptionexpired'} = HasSubscriptionExpired( $subs->{'subscriptionid'} ); + $subs->{cannotedit} = not can_edit_subscription( $subs ); push @res, $subs; } return \@res; @@ -554,16 +526,7 @@ sub GetFullSubscriptionsFromBiblionumber { year(IF(serial.publisheddate="00-00-0000",serial.planneddate,serial.publisheddate)) as year, biblio.title as bibliotitle, subscription.branchcode AS branchcode, - subscription.subscriptionid AS subscriptionid|; - if ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{'flags'} != 1 - && C4::Context->userenv->{'branch'} ) { - $query .= " - , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit "; - } - - $query .= qq| + subscription.subscriptionid AS subscriptionid FROM serial LEFT JOIN subscription ON (serial.subscriptionid=subscription.subscriptionid) @@ -576,7 +539,11 @@ sub GetFullSubscriptionsFromBiblionumber { |; my $sth = $dbh->prepare($query); $sth->execute($biblionumber); - return $sth->fetchall_arrayref( {} ); + my $subscriptions = $sth->fetchall_arrayref( {} ); + for my $subscription ( @$subscriptions ) { + $subscription->{cannotedit} = not can_edit_subscription( $subscription ); + } + return $subscriptions; } =head2 GetSubscriptions @@ -651,19 +618,11 @@ sub GetSubscriptions { $debug and warn "GetSubscriptions query: $sql params : ", join( " ", @bind_params ); $sth = $dbh->prepare($sql); $sth->execute(@bind_params); - my @results; - - while ( my $line = $sth->fetchrow_hashref ) { - $line->{'cannotedit'} = - ( C4::Context->preference('IndependentBranches') - && C4::Context->userenv - && C4::Context->userenv->{flags} % 2 != 1 - && C4::Context->userenv->{branch} - && $line->{branchcode} - && ( C4::Context->userenv->{branch} ne $line->{branchcode} ) ); - push @results, $line; - } - return @results; + my $subscriptions = $sth->fetchall_arrayref( {} ); + for my $subscription ( @$subscriptions ) { + $subscription->{cannotedit} = not can_edit_subscription( $subscription ); + } + return @$subscriptions; } =head2 SearchSubscriptions @@ -748,6 +707,13 @@ sub SearchSubscriptions { my $results = $sth->fetchall_arrayref( {} ); $sth->finish; + for my $subscription ( @$results ) { + $subscription->{cannotedit} = not can_edit_subscription( $subscription ); + $subscription->{cannotdisplay} = + ( C4::Context->preference("IndependentBranches") + and $subscription->{branchcode} ne C4::Context->userenv->{'branch'} ) ? 1 : 0; + } + return @$results; } @@ -2828,6 +2794,24 @@ sub subscriptionCurrentlyOnOrder { return $sth->fetchrow_array; } +sub can_edit_subscription { + my ( $subscription, $userid ) = @_; + my $flags = C4::Context->userenv->{flags}; + $userid ||= C4::Context->userenv->{'id'}; + my $independent_branches = C4::Context->preference('IndependentBranches'); + return 1 unless $independent_branches; + if( $flags % 2 == 1 # superlibrarian + or C4::Auth::haspermission( $userid, {serials => 'superserials'}), + or C4::Auth::haspermission( $userid, {serials => 'edit_subscription'}), + or not defined $subscription->{branchcode} + or $subscription->{branchcode} eq '' + or $subscription->{branchcode} eq C4::Context->userenv->{'branch'} + ) { + return 1; + } + return 0; +} + 1; __END__ diff --git a/installer/data/mysql/de-DE/mandatory/userpermissions.sql b/installer/data/mysql/de-DE/mandatory/userpermissions.sql index 2824c04d58..bcaba9bb5c 100644 --- a/installer/data/mysql/de-DE/mandatory/userpermissions.sql +++ b/installer/data/mysql/de-DE/mandatory/userpermissions.sql @@ -52,6 +52,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Zugang von Heften'), (15, 'renew_subscription', 'Abonnements verlängern'), (15, 'routing', 'Umlauflisten verwalten'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'SQL-Reports ausführen'), (16, 'create_reports', 'SQL-Reports erstellen'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/en/mandatory/userpermissions.sql b/installer/data/mysql/en/mandatory/userpermissions.sql index 702d6d3853..e758e315ce 100644 --- a/installer/data/mysql/en/mandatory/userpermissions.sql +++ b/installer/data/mysql/en/mandatory/userpermissions.sql @@ -52,6 +52,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Serials receiving'), (15, 'renew_subscription', 'Renew a subscription'), (15, 'routing', 'Routing'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Execute SQL reports'), (16, 'create_reports', 'Create SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/es-ES/mandatory/userpermissions.sql b/installer/data/mysql/es-ES/mandatory/userpermissions.sql index 702d6d3853..e758e315ce 100644 --- a/installer/data/mysql/es-ES/mandatory/userpermissions.sql +++ b/installer/data/mysql/es-ES/mandatory/userpermissions.sql @@ -52,6 +52,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Serials receiving'), (15, 'renew_subscription', 'Renew a subscription'), (15, 'routing', 'Routing'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Execute SQL reports'), (16, 'create_reports', 'Create SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql index ca75ee2e66..ae750f9cbc 100644 --- a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql +++ b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql @@ -52,6 +52,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Bulletiner les périodiques'), (15, 'renew_subscription', 'Renouveler les abonnements'), (15, 'routing', 'Mettre en circulation'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Lancer les rapports SQL'), (16, 'create_reports', 'Créer les rapports SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/it-IT/necessari/userpermissions.sql b/installer/data/mysql/it-IT/necessari/userpermissions.sql index 8016fb61a6..1a00c1dfc1 100644 --- a/installer/data/mysql/it-IT/necessari/userpermissions.sql +++ b/installer/data/mysql/it-IT/necessari/userpermissions.sql @@ -54,6 +54,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Ricevi fascicoli'), (15, 'renew_subscription', 'Rinnova un abbonamento'), (15, 'routing', 'Crea/Manipola liste di distribuzione dei fascicoli ( routing list)'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Esegui reports SQL'), (16, 'create_reports', 'Crea reports SQL'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql b/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql index 85214627ff..3b95597c0f 100644 --- a/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql +++ b/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql @@ -72,6 +72,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Heftemottak'), (15, 'renew_subscription', 'Fornye abonnementer'), (15, 'routing', 'Sirkulasjon'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Kjøre SQL-rapporter'), (16, 'create_reports', 'Opprette SQL-rapporter'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/pl-PL/mandatory/userpermissions.sql b/installer/data/mysql/pl-PL/mandatory/userpermissions.sql index 9924e780f1..7794da2c04 100644 --- a/installer/data/mysql/pl-PL/mandatory/userpermissions.sql +++ b/installer/data/mysql/pl-PL/mandatory/userpermissions.sql @@ -53,6 +53,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Serials receiving'), (15, 'renew_subscription', 'Renew a subscription'), (15, 'routing', 'Routing'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Execute SQL reports'), (16, 'create_reports', 'Create SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql b/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql index fea6538850..d22d8d0805 100644 --- a/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql +++ b/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql @@ -78,6 +78,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Serials receiving'), (15, 'renew_subscription', 'Renew a subscription'), (15, 'routing', 'Routing'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Execute SQL reports'), (16, 'create_reports', 'Create SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql b/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql index b8e809810c..29de3ad1a4 100644 --- a/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql +++ b/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql @@ -78,6 +78,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (15, 'receive_serials', 'Serials receiving'), (15, 'renew_subscription', 'Renew a subscription'), (15, 'routing', 'Routing'), + (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'), (16, 'execute_reports', 'Execute SQL reports'), (16, 'create_reports', 'Create SQL Reports'), (18, 'manage_courses', 'Add, edit and delete courses'), diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl index b85ab2d421..ea6c0e47ed 100755 --- a/installer/data/mysql/updatedatabase.pl +++ b/installer/data/mysql/updatedatabase.pl @@ -7646,6 +7646,12 @@ INSERT IGNORE INTO message_transport_types (message_transport_type) values ('pho SetVersion($DBversion); } +$DBversion = "3.13.00.XXX"; +if ( CheckVersion($DBversion) ) { + $dbh->do("INSERT INTO permissions (module_bit, code, description) VALUES(15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependentBranches is used)')"); + print "Upgrade to $DBversion done (Bug 8435: Add superserials permission)\n"; + SetVersion($DBversion); +} =head1 FUNCTIONS diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt index 7b2803a243..3edf2232fb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt @@ -141,6 +141,7 @@ [% FOREACH subscription IN openedsubscriptions %] + [% UNLESS subscription.cannotdisplay %] [% IF ( subscription.issn ) %][% subscription.issn %] @@ -177,13 +178,12 @@ Issue history - [% IF ( subscription.cannotedit ) %] -   - [% ELSE %] - [% IF ( CAN_user_serials_receive_serials ) %]Serial receive[% END %] + [% IF ( CAN_user_serials_receive_serials ) %] + Serial receive [% END %] + [% END %] [% END %] @@ -220,6 +220,7 @@ [% FOREACH subscription IN closedsubscriptions %] + [% UNLESS subscription.cannotdisplay %] [% IF ( subscription.issn ) %] @@ -251,6 +252,7 @@ [% END %] + [% END %] [% ELSE %] diff --git a/serials/serials-collection.pl b/serials/serials-collection.pl index 4b9a656ee8..bb1967ba6f 100755 --- a/serials/serials-collection.pl +++ b/serials/serials-collection.pl @@ -37,8 +37,7 @@ my $op = $query->param('op') || q{}; my $nbissues=$query->param('nbissues'); my $dbh = C4::Context->dbh; -my ($template, $loggedinuser, $cookie); -($template, $loggedinuser, $cookie) +my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "serials/serials-collection.tmpl", query => $query, type => "intranet", @@ -107,6 +106,7 @@ if (@subscriptionid){ foreach my $subscriptionid (@subscriptionid){ my $subs= GetSubscription($subscriptionid); $closed = 1 if $subs->{closed}; + $subs->{opacnote} =~ s/\n/\/g; $subs->{missinglist} =~ s/\n/\/g; $subs->{recievedlist} =~ s/\n/\/g; diff --git a/serials/serials-edit.pl b/serials/serials-edit.pl index 34f10316f6..8fb2e60129 100755 --- a/serials/serials-edit.pl +++ b/serials/serials-edit.pl @@ -134,6 +134,7 @@ foreach my $serialid (@serialids) { && !$processedserialid{$serialid} ) { my $serinfo = GetSerialInformation($serialid); #TODO duplicates work done by GetSerials2 above + for my $d ( qw( publisheddate planneddate )){ if ( $serinfo->{$d} =~m/^00/ ) { $serinfo->{$d} = q{}; diff --git a/serials/serials-search.pl b/serials/serials-search.pl index bc84ed68fe..552500ef51 100755 --- a/serials/serials-search.pl +++ b/serials/serials-search.pl @@ -96,9 +96,11 @@ if ($routing) { my (@openedsubscriptions, @closedsubscriptions); for my $sub ( @subscriptions ) { unless ( $sub->{closed} ) { - push @openedsubscriptions, $sub; + push @openedsubscriptions, $sub + unless $sub->{cannotdisplay}; } else { - push @closedsubscriptions, $sub; + push @closedsubscriptions, $sub + unless $sub->{cannotdisplay}; } } diff --git a/serials/subscription-add.pl b/serials/subscription-add.pl index a3e57a4627..552b65beb8 100755 --- a/serials/subscription-add.pl +++ b/serials/subscription-add.pl @@ -69,7 +69,8 @@ if ($op eq 'modify' || $op eq 'dup' || $op eq 'modsubscription') { my $subscriptionid = $query->param('subscriptionid'); $subs = GetSubscription($subscriptionid); -## FIXME : Check rights to edit if mod. Could/Should display an error message. + + ## FIXME : Check rights to edit if mod. Could/Should display an error message. if ($subs->{'cannotedit'} && $op eq 'modify'){ carp "Attempt to modify subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed"; print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid"); @@ -124,10 +125,16 @@ if ($op eq 'modify' || $op eq 'dup' || $op eq 'modsubscription') { } } -my $onlymine=C4::Context->preference('IndependentBranches') && - C4::Context->userenv && - C4::Context->userenv->{flags} % 2 !=1 && - C4::Context->userenv->{branch}; +my $userenv = C4::Context->userenv; +my $onlymine = + C4::Context->preference('IndependentBranches') + && $userenv + && $userenv->{flags} % 2 != 1 + && ( + not C4::Auth::haspermission( $userenv->{id}, { serials => 'superserials' } ) + ) + && $userenv->{branch}; + my $branches = GetBranches($onlymine); my $branchloop; for my $thisbranch (sort { $branches->{$a}->{branchname} cmp $branches->{$b}->{branchname} } keys %{$branches}) { diff --git a/serials/subscription-detail.pl b/serials/subscription-detail.pl index a4ec66c737..0430aaf18e 100755 --- a/serials/subscription-detail.pl +++ b/serials/subscription-detail.pl @@ -34,7 +34,6 @@ my $query = new CGI; my $op = $query->param('op') || q{}; my $issueconfirmed = $query->param('issueconfirmed'); my $dbh = C4::Context->dbh; -my ($template, $loggedinuser, $cookie, $hemisphere); my $subscriptionid = $query->param('subscriptionid'); if ( $op and $op eq "close" ) { @@ -43,29 +42,13 @@ if ( $op and $op eq "close" ) { C4::Serials::ReopenSubscription( $subscriptionid ); } -my $subs = GetSubscription($subscriptionid); - -$subs->{enddate} = GetExpirationDate($subscriptionid); - -if ($op && $op eq 'del') { - if ($subs->{'cannotedit'}){ - carp "Attempt to delete subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed"; - print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid"); - } - DelSubscription($subscriptionid); - print "Content-Type: text/html\n\n"; - exit; -} - -my ($totalissues,@serialslist) = GetSerials($subscriptionid); -$totalissues-- if $totalissues; # the -1 is to have 0 if this is a new subscription (only 1 issue) # the subscription must be deletable if there is NO issues for a reason or another (should not happend, but...) # Permission needed if it is a deletion (del) : delete_subscription # Permission needed otherwise : * my $permission = ($op eq "del") ? "delete_subscription" : "*"; -($template, $loggedinuser, $cookie) +my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "serials/subscription-detail.tmpl", query => $query, type => "intranet", @@ -74,7 +57,12 @@ my $permission = ($op eq "del") ? "delete_subscription" : "*"; debug => 1, }); -$$subs{enddate} ||= GetExpirationDate($subscriptionid); + +my $subs = GetSubscription($subscriptionid); +$subs->{enddate} ||= GetExpirationDate($subscriptionid); + +my ($totalissues,@serialslist) = GetSerials($subscriptionid); +$totalissues-- if $totalissues; # the -1 is to have 0 if this is a new subscription (only 1 issue) if ($op eq 'del') { if ($$subs{'cannotedit'}){ @@ -155,12 +143,7 @@ $template->param( hasRouting => $hasRouting, routing => C4::Context->preference("RoutingSerials"), totalissues => $totalissues, - hemisphere => $hemisphere, - cannotedit =>(C4::Context->preference('IndependentBranches') && - C4::Context->userenv && - C4::Context->userenv->{flags} % 2 !=1 && - C4::Context->userenv->{branch} && $subs->{branchcode} && - (C4::Context->userenv->{branch} ne $subs->{branchcode})), + cannotedit => (not C4::Serials::can_edit_subscription( $subs )), frequency => $frequency, numberpattern => $numberpattern, has_X => ($numberpattern->{'numberingmethod'} =~ /{X}/) ? 1 : 0, -- 2.39.5