From fc75a344b89198e7e12a534111132cb7f37baf18 Mon Sep 17 00:00:00 2001 From: Thibaud Guillot Date: Thu, 30 Nov 2023 15:14:42 +0100 Subject: [PATCH] Bug 30230: Add new 'list_borrowers' permission When a patron search is performed only a user with edit_borrowers permission can search by name. Search can works only with cardnumber but it makes searching less intuitive I think. So, as mentioned in the discussion, I've added a new 'list_borrowers' permission, completely independent of 'edit_borrowers', so that I can search for a member via the interface and get the results. In addition to the permission to perform check in and checkouts, this no longer poses an obstacle to simple use. Test plan: 1) Check with a user without 'edit_borrowers' permission that the patron search can only be performed with cardnumber 2) Apply this patch 3) Make the updatedatabase to add new 'list_borrowers' permissions 4) Set 'list_borrowers' permission on one user and see the difference Signed-off-by: Andrew Fuerste-Henry Signed-off-by: Emmi Takkinen Signed-off-by: Victor Grousset/tuxayo Signed-off-by: David Cook Signed-off-by: Martin Renvoize Signed-off-by: Katrin Fischer --- api/v1/swagger/paths/patrons.yaml | 1 + ...ug_30230_add-new-list-borrowers-permission.pl | 16 ++++++++++++++++ .../data/mysql/mandatory/userpermissions.sql | 1 + .../prog/en/includes/patron-search-header.inc | 8 +++++--- .../prog/en/includes/permissions.inc | 5 +++++ .../prog/en/modules/intranet-main.tt | 2 +- members/member.pl | 2 +- members/members-home.pl | 2 +- members/moremember.pl | 2 +- 9 files changed, 32 insertions(+), 7 deletions(-) create mode 100755 installer/data/mysql/atomicupdate/bug_30230_add-new-list-borrowers-permission.pl diff --git a/api/v1/swagger/paths/patrons.yaml b/api/v1/swagger/paths/patrons.yaml index a2e86ec2a8..7efa3bceb7 100644 --- a/api/v1/swagger/paths/patrons.yaml +++ b/api/v1/swagger/paths/patrons.yaml @@ -397,6 +397,7 @@ - tools: "label_creator" - serials: "routing" - acquisition: "order_manage" + - borrowers: "list_borrowers" post: x-mojo-to: Patrons#add operationId: addPatron diff --git a/installer/data/mysql/atomicupdate/bug_30230_add-new-list-borrowers-permission.pl b/installer/data/mysql/atomicupdate/bug_30230_add-new-list-borrowers-permission.pl new file mode 100755 index 0000000000..88772b4886 --- /dev/null +++ b/installer/data/mysql/atomicupdate/bug_30230_add-new-list-borrowers-permission.pl @@ -0,0 +1,16 @@ +use Modern::Perl; + +return { + bug_number => "BUG_30230", + description => "Add new list_borrowers permission", + up => sub { + my ($args) = @_; + my ( $dbh, $out ) = @$args{qw(dbh out)}; + + $dbh->do( + "INSERT IGNORE INTO permissions (module_bit, code, description) VALUES (4, 'list_borrowers', 'Search and list patrons')" + ); + + say $out "Added new permission 'list_borrowers'"; + }, +}; diff --git a/installer/data/mysql/mandatory/userpermissions.sql b/installer/data/mysql/mandatory/userpermissions.sql index 7e52abd262..ad51b5736c 100644 --- a/installer/data/mysql/mandatory/userpermissions.sql +++ b/installer/data/mysql/mandatory/userpermissions.sql @@ -45,6 +45,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES ( 3, 'manage_identity_providers', 'Manage identity providers'), ( 4, 'delete_borrowers', 'Delete patrons'), ( 4, 'edit_borrowers', 'Add, modify and view patron information'), + ( 4, 'list_borrowers', 'Search and list patrons'), ( 4, 'view_borrower_infos_from_any_libraries', 'View patron infos from any libraries'), ( 6, 'place_holds', 'Place holds for patrons'), ( 6, 'modify_holds_priority', 'Modify holds priority'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search-header.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search-header.inc index b3a21080be..cbb8c8bda9 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search-header.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/patron-search-header.inc @@ -14,9 +14,11 @@ [% END %]