From 8e91a0f01df4a37b36dc3fe27bab3126a0dc8aa8 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 29 Aug 2014 11:06:26 +0200 Subject: [PATCH] Bug 12648: The users added to basket should have a permission Before this enh, the users to add to a basket should have the acquisition.order_manage permission. This patch reintroduces this behavior. The code in acqui/add_user_search.pl was never used. The filter should be done in the members/search service. But it is not possible easily to filter using a sql query, so the filter is done after. This means that we cannot use the DT pagination (otherwise the results will become inconsistent). Test plan: 1/ On adding patrons to a basket, verify that the search patron results contain patron with the acquisition.order_manage permission. 2/ Verify that all patrons are return on the 'normal' patron search and when adding patrons to an order. Signed-off-by: Paola Rossi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi --- C4/Utils/DataTables/Members.pm | 1 + acqui/add_user_search.pl | 40 ------------------- .../prog/en/modules/acqui/add_user_search.tt | 20 ++++++++-- svc/members/search | 28 ++++++++++++- 4 files changed, 43 insertions(+), 46 deletions(-) diff --git a/C4/Utils/DataTables/Members.pm b/C4/Utils/DataTables/Members.pm index 6a97ea3071..7b3a1eca5d 100644 --- a/C4/Utils/DataTables/Members.pm +++ b/C4/Utils/DataTables/Members.pm @@ -37,6 +37,7 @@ sub search { borrowers.address2, borrowers.city, borrowers.state, borrowers.zipcode, borrowers.country, cardnumber, borrowers.dateexpiry, borrowers.borrowernotes, borrowers.branchcode, borrowers.email, + borrowers.userid, categories.description AS category_description, categories.category_type, branches.branchname"; my $from = "FROM borrowers diff --git a/acqui/add_user_search.pl b/acqui/add_user_search.pl index a950464889..c4717c5d4b 100755 --- a/acqui/add_user_search.pl +++ b/acqui/add_user_search.pl 
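Review bot: `borrowers.userid` is now selected for every caller of `search`, not only the basket flow, so each result row carries the patron's login name, and nothing in the hunk says why. The new line sits inside the SQL string, so the explanation belongs on the statement that builds the SELECT list, which starts outside the hunk: `# userid is selected so svc/members/search can filter on permissions; result templates should not render it`. Whether any result template prints every row field is not visible here and should be checked.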
@@ -49,46 +49,6 @@ my $search_patrons_with_acq_perm_only = ( $referer =~ m|acqui/basket.pl| ) ? 1 : 0; -if( $op eq "do_search" ) { - my $results = C4::Members::Search( $q, "surname"); - - my @users_loop; - my $nresults = 0; - foreach my $res (@$results) { - my $should_be_returned = 1; - - if ( $search_patrons_with_acq_perm_only ) { - $should_be_returned = 0; - my $perms = haspermission( $res->{userid} ); - my $subperms = get_user_subpermissions( $res->{userid} ); - - if( $perms->{superlibrarian} == 1 - || $perms->{acquisition} == 1 - || $subperms->{acquisition}->{'order_manage'} ) { - $should_be_returned = 1; - } - } - if ( $should_be_returned ) { - my %row = ( - borrowernumber => $res->{borrowernumber}, - cardnumber => $res->{cardnumber}, - surname => $res->{surname}, - firstname => $res->{firstname}, - categorycode => $res->{categorycode}, - branchcode => $res->{branchcode}, - ); - push( @users_loop, \%row ); - $nresults ++; - } - } - - $template->param( - q => $q, - nresults => $nresults, - users_loop => \@users_loop, - ); -} - $template->param( patrons_with_acq_perm_only => $search_patrons_with_acq_perm_only, ); diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/add_user_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/add_user_search.tt index 02c8035da4..a61a5be80b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/add_user_search.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/add_user_search.tt @@ -19,7 +19,14 @@ $(document).ready(function(){ aoData.push({ 'name': 'template_path', 'value': 'acqui/tables/members_results.tt', - }); + } + [% IF patrons_with_acq_perm_only %] + ,{ + 'name': 'has_permission', + 'value': 'acquisition.order_manage', + } + [% END %] + ); $.ajax({ 'dataType': 'json', 'type': 'POST', 
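Review bot: The `has_permission` entry pushed onto `aoData` is only requested by the browser, and the `patrons_with_acq_perm_only` flag that gates it comes from the Referer match in acqui/add_user_search.pl, so a request without the parameter, or with a different Referer, gets the unfiltered patron list. That makes this a display filter rather than the permission requirement the commit title describes. The handler that stores users on a basket is not part of this patch; it should re-check `acquisition.order_manage` for each submitted borrowernumber. I would record that next to the new block with a template comment such as `[%# UI filter only: the basket save must re-check acquisition.order_manage server-side %]`.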
@@ -38,9 +45,14 @@ $(document).ready(function(){ { 'mDataProp': 'dt_action', 'bSortable': false } ], 'bAutoWidth': false, - 'sPaginationType': 'full_numbers', - "iDisplayLength": [% Koha.Preference('PatronsPerPage') %], - "bProcessing": true, + [% IF patrons_with_acq_perm_only %] + 'bPaginate': false, + [% ELSE %] + 'sPaginationType': 'full_numbers', + "iDisplayLength": [% Koha.Preference('PatronsPerPage') %], + "bProcessing": true, + [% END %] + 'bProcessing': true, })); dtMemberResults.fnAddFilters("filter", 750); }); diff --git a/svc/members/search b/svc/members/search index 0c67a192cd..b2af851f45 100755 --- a/svc/members/search +++ b/svc/members/search @@ -20,7 +20,7 @@ use Modern::Perl; use CGI; -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( get_template_and_user haspermission get_user_subpermissions ); use C4::Output qw( output_with_http_headers ); use C4::Utils::DataTables qw( dt_get_params ); use C4::Utils::DataTables::Members qw( search ); @@ -44,6 +44,7 @@ my $categorycode = $input->param('categorycode'); my $branchcode = $input->param('branchcode'); my $searchtype = $input->param('searchtype'); my $searchfieldstype = $input->param('searchfieldstype') || 'standard'; +my $has_permission = $input->param('has_permission'); if ( $searchfieldstype eq "dateofbirth" ) { $searchmember = output_pref({dt => dt_from_string($searchmember), dateformat => 'iso', dateonly => 1}); 
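Review bot: `bProcessing` is set twice when the filter is off, once as `"bProcessing": true,` inside the `[% ELSE %]` branch and again as `'bProcessing': true,` after `[% END %]`. Duplicate keys in an object literal are rejected in ES5 strict mode and are confusing elsewhere, so drop the line inside the `[% ELSE %]` branch and keep the shared one. The `'bPaginate': false` branch also deserves a short comment saying pagination is off because the permission filter runs after the query; presumably every match then comes back in one response. The options object passed to `dataTable` starts outside the hunk.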
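Review bot: `has_permission` is read from the request without validation in the `@@ -44,6 +44,7 @@` hunk and is later split on `.` and used as hash keys, so the caller chooses which permission is tested. A client that can reach this service (its own access check is not visible here) could use it to learn which accounts hold any named permission, and a value such as `.` leaves `$permission` undefined. The template only ever sends `acquisition.order_manage`, so an allow-list fits: `my %filterable = ( 'acquisition.order_manage' => 1 );`, rejecting the request when `$has_permission` is defined and not a key of it. Rejecting rather than ignoring a bad value matters, because ignoring it would return the unfiltered list.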
@@ -82,10 +83,33 @@ $results = C4::Utils::DataTables::Members::search( searchtype => $searchtype, searchfieldstype => $searchfieldstype, dt_params => \%dt_params, - } ) unless $results; +# It is not recommanded to use the has_permission param if you use the pagination +# The filter is done AFTER requested the data +if ($has_permission) { + my ( $permission, $subpermission ) = split /\./, $has_permission; + my @patrons_with_permission; + for my $patron ( @{ $results->{patrons} } ) { + my $perms = haspermission( $patron->{userid} ); + if ( $perms->{superlibrarian} == 1 + or $perms->{$permission} == 1 ) + { + push @patrons_with_permission, $patron; + next; + } + + if ($subpermission) { + my $subperms = get_user_subpermissions( $patron->{userid} ); + push @patrons_with_permission, $patron + if $subperms->{$permission}->{$subpermission}; + } + } + $results->{patrons} = \@patrons_with_permission; + $results->{iTotalDisplayRecords} = scalar( @patrons_with_permission ); +} + $template->param( sEcho => $sEcho, iTotalRecords => $results->{iTotalRecords}, -- 2.39.5
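Review bot: Patrons without a login may have an undefined `userid`, yet the loop still passes it to `haspermission` and compares `$perms->{superlibrarian} == 1`, which can warn on undefined values under Modern::Perl and spends a lookup that cannot match. Adding `next unless defined $patron->{userid} && length $patron->{userid};` as the first statement of the loop avoids both; what `haspermission` returns for an unknown userid is not visible here. The loop also performs one or two permission lookups per patron over the whole result set, so a cap on the rows filtered, or a log line when the set is large, would bound the work a single request can trigger. `iTotalRecords` keeps the unfiltered count while `iTotalDisplayRecords` is overwritten; if that is intended, the comment above the block should say so. The `$template->param(` call continues outside the hunk.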