From 0db60995a8dd093210ffa772f56b7d5bac28d197 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Fri, 14 Jul 2023 20:15:41 -0300 Subject: [PATCH] Bug 34288: Allow access to the cataloguing module with `tools` permission Bug 31162 moved the cataloguing tools to a new cataloguing module home page. This prevents people without cataloguing permissions, but with some tools permissions to access things like the labels creator tool. I tracked all permissions on the cataloging-home.tt template, including the Stock Rotation ones which I initially missed because I was focusing on tools. This patch makes the cataloging-home.pl page require either 'cataloguing' or any relevant 'tools' permission to allow access. the page. The staff interface main page and the top bar dropdown are updated using the same logic to display the cataloguing module link. For that purpose, I wrapped the permissions on a sub in `C4::Auth`. To test: 1. Have a patron with only 'catalogue' and some of this permissions: * inventory * items_batchdel * items_batchmod * items_batchmod * label_creator * manage_staged_marc * marc_modification_templates * records_batchdel * records_batchmod * stage_marc_import * upload_cover_images * stockrotation => manage_rotas 2. Log in => FAIL: No link to the cataloguing module, neither in the dropdown 3. Apply this patch 4. Repeat 2 => SUCCESS: You have the link! 5. Play with the different combinations and notice things are sound and correct 6. Sign off :-D Signed-off-by: Kyle M Hall Signed-off-by: Martin Renvoize Signed-off-by: Tomas Cohen Arazi --- C4/Auth.pm | 40 +++++++++++++++++-- cataloguing/cataloging-home.pl | 12 +++--- .../intranet-tmpl/prog/en/includes/header.inc | 2 +- .../prog/en/modules/intranet-main.tt | 2 +- 4 files changed, 45 insertions(+), 11 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 3a3c559bad..44e126b4cb 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm 
@@ -72,9 +72,9 @@ BEGIN { @ISA = qw(Exporter); @EXPORT_OK = qw( - checkauth check_api_auth get_session check_cookie_auth checkpw checkpw_internal checkpw_hash - get_all_subpermissions get_user_subpermissions track_login_daily in_iprange - get_template_and_user haspermission create_basic_session + checkauth check_api_auth get_session check_cookie_auth checkpw checkpw_internal checkpw_hash + get_all_subpermissions get_cataloguing_page_permissions get_user_subpermissions track_login_daily in_iprange + get_template_and_user haspermission create_basic_session ); $ldap = C4::Context->config('useldapserver') || 0; @@ -471,7 +471,9 @@ sub get_template_and_user { minPasswordLength => $minPasswordLength, ); if ( $in->{'type'} eq "intranet" ) { + $template->param( + can_see_cataloguing_module => haspermission( $user, get_cataloguing_page_permissions() ) ? 1 : 0, AmazonCoverImages => C4::Context->preference("AmazonCoverImages"), AutoLocation => C4::Context->preference("AutoLocation"), PatronAutoComplete => C4::Context->preference("PatronAutoComplete"), @@ -2185,6 +2187,38 @@ sub get_all_subpermissions { return $all_perms; } +=head2 get_cataloguing_page_permissions + + my $required_permissions = get_cataloguing_page_permissions(); + +Returns the required permissions to access the main cataloguing page. Useful for building +the global I template variable, and also for reusing in +I. + +=cut + +sub get_cataloguing_page_permissions { + + my @cataloguing_tools_subperms = qw( + inventory + items_batchdel + items_batchmod + items_batchmod + label_creator + manage_staged_marc + marc_modification_templates + records_batchdel + records_batchmod + stage_marc_import + upload_cover_images + ); + + return [ + { editcatalogue => '*' }, { tools => \@cataloguing_tools_subperms }, + C4::Context->preference('StockRotation') ? { stockrotation => 'manage_rotas' } : () + ]; +} + =head2 haspermission $flagsrequired = '*'; # Any permission at all 
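Review bot: In the `get_template_and_user` hunk of C4/Auth.pm, `can_see_cataloguing_module` only decides whether the cataloguing link is drawn, and nothing next to it says so; a later reader could take the flag for the access check itself. A comment above the parameter would pin that down: `# Display hint only; cataloging-home.pl enforces the same list through flagsrequired.` The added `haspermission( $user, ... )` call also runs for every intranet template, and its body is outside this hunk, so if `$user` can be empty at this point (for example on a page rendered before login) it is worth confirming that the call returns false quietly rather than warning. get_template_and_user starts and ends outside the hunk.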
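Review bot: The `@cataloguing_tools_subperms` list in `get_cataloguing_page_permissions` names `items_batchmod` twice; the second entry looks like a copy-paste leftover and should be dropped so the list reads as one entry per tool. Because this sub widens who can reach the cataloguing home page, its POD should also state how the returned array is evaluated and what it does not cover. Presumably `haspermission` treats the array entries as alternatives, but that code is not in the hunk; once confirmed, a sentence such as `Any single entry is sufficient; this list gates the landing page only, not the individual tools.` would do. The commit message says the list was collected by hand from cataloging-home.tt, so a unit test that pins the returned structure with the StockRotation preference on and off would catch drift between the two.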
diff --git a/cataloguing/cataloging-home.pl b/cataloguing/cataloging-home.pl index 28c52939b3..d8e76d23cc 100755 --- a/cataloguing/cataloging-home.pl +++ b/cataloguing/cataloging-home.pl @@ -18,7 +18,7 @@ use Modern::Perl; use CGI qw ( -utf8 ); -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( get_cataloguing_page_permissions get_template_and_user ); use C4::Output qw( output_html_with_http_headers ); use C4::Context; @@ -26,12 +26,12 @@ use Koha::BiblioFrameworks; use Koha::Z3950Servers; my $query = CGI->new; -my ($template, $loggedinuser, $cookie, $flags) = get_template_and_user( +my ( $template, $loggedinuser, $cookie, $flags ) = get_template_and_user( { - template_name => "cataloguing/cataloging-home.tt", - query => $query, - type => "intranet", - flagsrequired => { editcatalogue => '*' }, + template_name => "cataloguing/cataloging-home.tt", + query => $query, + type => "intranet", + flagsrequired => get_cataloguing_page_permissions(), } ); diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/header.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/header.inc index a63e8443c7..e4c6280285 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/header.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/header.inc @@ -30,7 +30,7 @@ More
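Review bot: With `flagsrequired => get_cataloguing_page_permissions()` in cataloguing/cataloging-home.pl, staff who hold only a tools or stockrotation subpermission now run the whole script, so everything the rest of the script loads for the template is built for accounts without `editcatalogue`. The code after the `get_template_and_user` call is outside the hunk; the `Koha::BiblioFrameworks` and `Koha::Z3950Servers` imports in the context lines suggest it passes framework and Z39.50 server lists to the template, so check that cataloging-home.tt wraps those sections in the matching permission test. A comment at the call would record the intent: `# Landing page only: any listed permission admits the user; each template section is gated separately.`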