From a86872068c9a0126191ff99caaa29a7cb04c4dd5 Mon Sep 17 00:00:00 2001
From: Janusz Kaczmarek
Date: Thu, 24 Feb 2022 21:26:46 +0100
Subject: [PATCH] Bug 30178: (bugs 27526 and 28445 follow-up) Every librarian can edit every item with IndependentBranches on

Problem arises after applying bugfix 27526 and 28445: with
IndependentBranches on, a librarian without superlibrarian privileges
can edit (and potentially delete) every item (i.e. also from a foreign
branch).

This is because can_be_edited calculation is buggy (in two spots).

Test plan:
1. Have (at least) two branches defined.
2. Have IndependentBranches set.
3. Have a biblio record with items belonging to different branches.
4. Be a librarian without superlibrarian rights, with editcatalogue
   and tool permissions set.

Scenario A (Edit items):
1. Go to Edit -> Edit items view (cataloguing/additems.pl).
2. You will be able to edit every item, also ones not from the branch
   you are from (cf. the button 'Actions').
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch.

Scenario B (Edit items in batch):
1. From Normal view go to Edit -> Edit items in batch.
2. You will be able to batch edit every item, also ones not from the
   branch you are from.
3. Apply the patch.
4. Repeat 1.
5. You should be able to edit only the items from your branch (and see
   'Cannot edit' for others).

Scenario C (Delete items in batch):
1. From Normal view go to Edit -> Delete items in batch.
2. You will not see the string 'Cannot delete' and only by chance will
   not be able to activate the checkboxes next to foreign items.
3. Apply the patch.
4. Repeat 1.
5. You should be able to delete only the items from your branch (and
   see 'Cannot delete' for others).

Scenario D and E:
Analogous steps can be executed from Tools -> Batch item modification
and Tools -> Batch item deletion

Signed-off-by: Katrin Fischer
Signed-off-by: Martin Renvoize
Signed-off-by: Fridolin Somers
Signed-off-by: Kyle M Hall --- koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc | 2 +- koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt | 2 +- koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt | 2 ++ koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc index a2ea6ebd20..7908d737c9 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc @@ -246,7 +246,7 @@ [% FOREACH item IN items %] - [% SET can_be_edited = ! ( Koha.Preference('IndependentBranches') && ! logged_in_user && item.homebranch != Branches.GetLoggedInBranchcode() ) %] + [% SET can_be_edited = ! ( Koha.Preference('IndependentBranches') && ! logged_in_user.is_superlibrarian && item.homebranch != Branches.GetLoggedInBranchname() ) %] [% IF checkboxes_edit %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt index 825e4c1c3a..aa02320f52 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt @@ -80,7 +80,7 @@ [% FOREACH item IN items %] - [% SET can_be_edited = ! ( Koha.Preference('IndependentBranches') && ! logged_in_user && item.homebranch != Branches.GetLoggedInBranchcode() ) %] + [% SET can_be_edited = ! ( Koha.Preference('IndependentBranches') && ! logged_in_user.is_superlibrarian && item.homebranch != Branches.GetLoggedInBranchname() ) %] [% IF item.itemnumber == itemnumber%] [% UNLESS can_be_edited %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt index 4c09f219d9..7b266f8173 100644 
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-del.tt @@ -1,6 +1,8 @@ [% USE raw %] +[% USE Koha %] [% USE KohaDates %] [% USE Asset %] +[% USE Branches %] [% SET footerjs = 1 %] [% PROCESS 'i18n.inc' %] [% INCLUDE 'doc-head-open.inc' %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt index a7207e4b0b..c2cdfc8d5b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/batchMod-edit.tt @@ -2,6 +2,7 @@ [% USE Asset %] [% USE Koha %] [% USE KohaDates %] +[% USE Branches %] [% SET footerjs = 1 %] [% INCLUDE 'doc-head-open.inc' %] Batch item modification › Tools › Koha -- 2.39.5
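Review bot: In the html_helpers.inc hunk (@@ -246,7), the new condition compares item.homebranch against Branches.GetLoggedInBranchname(), where the removed line used GetLoggedInBranchcode(). The hunk does not show what item.homebranch holds at this point; if the calling scripts have already replaced it with the branch's display name, an authorization decision now rests on a string that is not a key, so two branches with the same name, or a renamed branch, change the result. Consider comparing on the branch code, for example by keeping the raw code on the item alongside the display value, or at least add a template comment stating that homebranch is a name here.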
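Review bot: In the additem.tt hunk (@@ -80,7), the can_be_edited expression is a copy of the one in html_helpers.inc, and both copies carried the same two defects (the bare `! logged_in_user` test and the branch comparison). Suggest defining the rule once, for instance as a BLOCK in html_helpers.inc or as a value computed per item by the script, so that the next correction cannot land in one copy only.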
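Review bot: In the batchMod-del.tt hunk, the added `[% USE Koha %]` and `[% USE Branches %]` lines make each calling template responsible for loading plugins that, as far as this patch shows, are needed by the can_be_edited expression in html_helpers.inc. Scenario C in the commit message shows how that fails: no error, only a missing 'Cannot delete' marker. Suggest moving the USE directives into html_helpers.inc next to the expression, or checking every other template that processes this include for the same omission.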
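Review bot: The batchMod-edit.tt hunk, like the rest of the patch, changes only what the template renders; the diffstat lists four template files and no script or module. can_be_edited decides whether an edit control or checkbox is shown, not whether a submitted item number is accepted. Please confirm, and say in the commit message, that the batch modification and batch deletion scripts apply the same IndependentBranches check to posted item numbers, and consider an automated test for it, since the test plan here is manual only.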