From 603ad3a094686cb6c345467f994f52282576923c Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Sun, 20 May 2018 02:42:28 +0200 Subject: [PATCH] Bug 20793: Don't show a holds link in staff for users without permission On the results list in staff the 'Holds (x)' link always shows independent of the permissions of the staff user. This patch tightens the permission checks on the result page to explicitly check for the place_holds permission. To test: - Create a staff user with place_holds permission - Check the result list, you should see 2 links to the holds page: - 'Place holds' on top of the results list - 'Holds (x)' at the bottom of each entry in the results list - Verify both links work - Create a staff user without place_holds_permission - Without the patch you'll see the second link, but it will lead to a permission error - With the patch you'll still see the 'Holds (x)', but it will no longer be a link. - Go to the detail page of a record with an existing hold. - Repeat test with both staff users. - One time the Hold information in the bibliographic information should show as a link, the other time as a simple text. Displaying the information about existing holds still makes sense as this is the current behaviour. Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens --- .../intranet-tmpl/prog/en/modules/catalogue/detail.tt | 6 +++++- .../intranet-tmpl/prog/en/modules/catalogue/results.tt | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt index e6361be04d..60fc95560c 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt @@ -112,7 +112,11 @@ Holds: - [% holdcount %] + [% IF CAN_user_reserveforothers_place_holds %] + [% holdcount %] + [% ELSE %] + [% holdcount %] + [% END %] [% END %] 
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt index bb294cd92e..c2fb64c220 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt @@ -119,7 +119,7 @@ [% END %] - [% IF ( CAN_user_reserveforothers && DisplayMultiPlaceHold ) %] + [% IF ( CAN_user_reserveforothers_place_holds && DisplayMultiPlaceHold ) %] [% IF ( holdfor ) %]
@@ -441,8 +441,12 @@ [% IF ( SEARCH_RESULT.norequests ) %] No holds allowed [% ELSE %] - Holds ([% Biblio.HoldsCount( SEARCH_RESULT.biblionumber ) %]) - [% IF ( holdfor ) %] | Place hold for [% holdfor_firstname %] [% holdfor_surname %] ([% holdfor_cardnumber %])[% END %] + [% IF CAN_user_reserveforothers_place_holds %] + Holds ([% Biblio.HoldsCount( SEARCH_RESULT.biblionumber ) %]) + [% IF ( holdfor ) %] | Place hold for [% holdfor_firstname %] [% holdfor_surname %] ([% holdfor_cardnumber %])[% END %] + [% ELSE %] + Holds ([% Biblio.HoldsCount( SEARCH_RESULT.biblionumber ) %]) + [% END %] [% END %] [% IF Koha.Preference('intranetbookbag') == 1 %] -- 2.39.5
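Review bot: in the detail.tt hunk (@@ -112) the new `[% IF CAN_user_reserveforothers_place_holds %]` only decides whether the hold count is rendered as a link, so it changes what is displayed and is not itself the access control. The commit message says the holds page already answers with a permission error for a user without place_holds; please confirm that the server-side check on that page requires exactly the place_holds sub-permission of reserveforothers, so the template condition and the enforced permission cannot drift apart, and keep that check as the authority.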
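Review bot: the test plan does not cover the condition changed in the first results.tt hunk (@@ -119), where `CAN_user_reserveforothers` becomes `CAN_user_reserveforothers_place_holds` next to `DisplayMultiPlaceHold`. That narrows who sees the 'Place holds' control at the top of the results list: a staff user who holds some other reserveforothers sub-permission but not place_holds passed the old condition and will not pass the new one. Please add a test step for such a user and say in the commit message that this control is affected too, since the description only mentions the 'Holds (x)' link.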
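Review bot: in the second results.tt hunk (@@ -441) the text `Holds ([% Biblio.HoldsCount( SEARCH_RESULT.biblionumber ) %])` is now written out in both the IF and the ELSE branch, so any later change to the label or the count has to be made in two places. Consider evaluating the count once before the IF and reusing it in both branches, leaving only the link wrapper and the `holdfor` part conditional. As a style point, `[% IF CAN_user_reserveforothers_place_holds %]` is unparenthesized here while the neighbouring `[% IF ( holdfor ) %]` and `[% IF ( SEARCH_RESULT.norequests ) %]` use parentheses; matching the surrounding form would keep the template consistent.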