From 40c225904281e93c37cc993ef0cc65710af54813 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 14 Jul 2015 18:07:37 +0100 Subject: [PATCH] Bug 14354: Prevent edition of items from other branches if IndependentBranches is on MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If IdependentBranches is ON, to edit/delete items from other branches you need to be superlibrarian. Currently a "simple" staff user cannot edit them from the edit item page but from the catalogue detail page. The edit links should not be displayed on this table. Test plan: O/ Set IndependentBranches to "Prevent". Create a record and add 2 items: Set homebranch to L1 for item I1. Set homebranch to L2 for item I2. 1/ With a superlibrarian user, you should be able to edit both items. 2/ With a "simple" user attached to L1, you should only be able to edit I1. The edit links should not be displayed for I2. Note that the checkbox is displayed on the catalogue detail page (item list), but on the batch tools, it won't be possible to select non-modifiable items. TODO: Add a server-side check. Indeed it is still possible to edit an item if the user know the url. Followed test plan. Works as expected. Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit bcab2416399e93f5ce9b1083395c052046d5d02a) Signed-off-by: Chris Cormack (cherry picked from commit 28fe340ea75475903a1063f734dec45781d35f90) Signed-off-by: Liz Rea --- catalogue/detail.pl | 9 ++++++++- .../intranet-tmpl/prog/en/modules/catalogue/detail.tt | 7 +++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/catalogue/detail.pl b/catalogue/detail.pl index 4bbc1a62e2..2462e40635 100755 --- a/catalogue/detail.pl +++ b/catalogue/detail.pl @@ -199,7 +199,6 @@ if ($currentbranch and C4::Context->preference('SeparateHoldings')) { my $separatebranch = C4::Context->preference('SeparateHoldingsBranch') || 'homebranch'; foreach my $item (@items) { my $itembranchcode = $item->{$separatebranch}; - $item->{homebranch} = GetBranchName($item->{homebranch}); # can place holds defaults to yes $norequests = 0 unless ( ( $item->{'notforloan'} > 0 ) || ( $item->{'itemnotforloan'} > 0 ) ); @@ -279,6 +278,14 @@ foreach my $item (@items) { $item->{'course_reserves'} = GetItemCourseReservesInfo( itemnumber => $item->{'itemnumber'} ); } + if ( C4::Context->preference('IndependentBranches') ) { + my $userenv = C4::Context->userenv(); + if ( not C4::Context->IsSuperLibrarian() + and $userenv->{branch} ne $item->{homebranch} ) { + $item->{cannot_be_edited} = 1; + } + } + if ($currentbranch and $currentbranch ne "NO_LIBRARY_SET" and C4::Context->preference('SeparateHoldings')) { if ($itembranchcode and $itembranchcode eq $currentbranch) { diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt index 7fa0dcc535..5d40dd1597 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt @@ -1,6 +1,7 @@ [% USE Koha %] [% USE KohaDates %] [% USE AuthorisedValues %] +[% USE Branches %] [% ShowCourseReserves = 0 %] [% IF UseCourseReserves %] @@ -623,7 +624,7 @@ function verify_images() { [% END %] [% UNLESS ( singlebranchmode ) %][% item.branchname %] [% END %] - [% item.homebranch %][% item.location %] + [% Branches.GetName(item.homebranch) %][% item.location %] [% IF ( itemdata_ccode ) %][% item.ccode %][% END %] [% IF ( item.itemcallnumber ) %] [% item.itemcallnumber %][% END %] @@ -802,8 +803,10 @@ function verify_images() { [% END %] [% END %] - [% IF ( CAN_user_editcatalogue_edit_items ) %] + [% IF CAN_user_editcatalogue_edit_items and not item.cannot_be_edited %] Edit + [% ELSE %] + [% END %] [% END %] -- 2.39.5