From 9215ca42d28bec10f55a9c660bb5816045bb9656 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Sat, 22 Jun 2019 19:29:42 -0500 Subject: [PATCH] Bug 22786: Prevent fund creation for locked budgets If a budget is locked, there is a "New fund for $budget" link that is disabled but clickable. We should ensure that the link is not clickable and prevent it at controller level (do we need it at module level, ie. Koha::Acquisition::Fund->store?) Test plan: - Create a budget, lock it - Go to /cgi-bin/koha/admin/aqbudgetperiods.pl - Click on the name of the budget you just created => The "New > New fund for $budget_name" button should be disabled - Click it anyway => Without this patch the form to add a new fund is displayed => With this patch applied nothing happens - Hit /cgi-bin/koha/admin/aqbudgets.pl?op=add_form&budget_period_id=XXX With XXX the budget's id => Without this patch the form is displayed => With this patch applied you get a message: "The budget is locked, fund creation is not possible." And you are not able to create a new fund QA notes: 1. See description 2. The add_validate op can still be forced, let trust librarians with administration permissions for now. Signed-off-by: Hayley Mapley Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize --- admin/aqbudgets.pl | 2 ++ koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc | 2 ++ .../intranet-tmpl/prog/en/includes/budgets-admin-toolbar.inc | 5 ++++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/admin/aqbudgets.pl b/admin/aqbudgets.pl index 44f0d7fd08..684e0e2159 100755 --- a/admin/aqbudgets.pl +++ b/admin/aqbudgets.pl @@ -115,6 +115,8 @@ if ($op eq 'add_form') { } $dropbox_disabled = BudgetHasChildren($budget_id); $budget->{budget_owner} = Koha::Patrons->find( $budget->{budget_owner_id} ); + } elsif ( $period->{budget_period_locked} ) { + output_and_exit( $input, $cookie, $template, 'budget_is_locked' ); } # build budget hierarchy diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc index 8db6e956db..510d95fbc2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc @@ -15,6 +15,8 @@
Vendor not found.
[% CASE 'wrong_csrf_token' %]
The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.
+ [% CASE 'budget_is_locked' %] +
The budget is locked, fund creation is not possible.
[% CASE %][% blocking_error | html %] [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/budgets-admin-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/budgets-admin-toolbar.inc index 2a2cd830ad..05b0961bc7 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/budgets-admin-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/budgets-admin-toolbar.inc @@ -7,10 +7,13 @@
  • New budget
  • [% IF ( budget_period_locked || !CAN_user_acquisition_budget_add_del ) %]
  • + New fund for [% budget_period_description | html %] +
  • [% ELSE %]
  • + New fund for [% budget_period_description | html %] +
  • [% END %] - New fund for [% budget_period_description | html %] -- 2.39.5