From 7146ce1e928dd19641e7a5a9d4cc4feb7ef5ce28 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 31 Jul 2023 18:19:49 +0200 Subject: [PATCH] Bug 30708: Do not allow non-authorised users to edit the settings In case the logged in user does not have manage_sysprefs we should no display the form in the settings. Signed-off-by: Laurence Rault Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- Koha/REST/V1/Preservation.pm | 4 ++ .../definitions/preservation_config.yaml | 3 ++ .../vue/components/Preservation/Settings.vue | 46 ++++++++++++++++++- 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/Koha/REST/V1/Preservation.pm b/Koha/REST/V1/Preservation.pm index 994f9eb583..1bc2ca4f0a 100644 --- a/Koha/REST/V1/Preservation.pm +++ b/Koha/REST/V1/Preservation.pm @@ -39,6 +39,7 @@ Return the configuration options needed for the Preservation Vue app sub config { my $c = shift->openapi->valid_input or return; + my $patron = $c->stash('koha.user'); return $c->render( status => 200, openapi => { @@ -47,6 +48,9 @@ sub config { not_for_loan_waiting_list_in => C4::Context->preference('PreservationNotForLoanWaitingListIn'), not_for_loan_default_train_in => C4::Context->preference('PreservationNotForLoanDefaultTrainIn'), }, + permissions => { + 'manage_sysprefs' => $patron->has_permission( { parameters => 'manage_sysprefs' } ) ? 1 : 0, + }, }, ); } diff --git a/api/v1/swagger/definitions/preservation_config.yaml b/api/v1/swagger/definitions/preservation_config.yaml index c88e1bd0bd..1e789d9c48 100644 --- a/api/v1/swagger/definitions/preservation_config.yaml +++ b/api/v1/swagger/definitions/preservation_config.yaml @@ -4,4 +4,7 @@ properties: settings: type: object description: List of sysprefs used for the Preservation module + permissions: + type: object + description: List of permissions of the logged in user used for the Preservation module additionalProperties: false 
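Review bot: `$patron` is read from the stash without a definedness check, and the second hunk of this file calls `$patron->has_permission(...)` on it, so a request that reaches `config` without a `koha.user` in the stash would die on an undef method call instead of returning a clean response. The route's authorization spec is not part of this diff; if it always requires an authenticated staff user, this cannot happen. Otherwise the expression could be written as `$patron && $patron->has_permission( { parameters => 'manage_sysprefs' } ) ? 1 : 0`. The body of `config` continues outside this hunk.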
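Review bot: The `manage_sysprefs` flag added under `permissions` is only a hint for the client: it lets Settings.vue decide whether to draw the form, but it does not stop a save request from being sent. The bug title ("Do not allow non-authorised users to edit the settings") therefore holds only if the endpoint that writes these preferences checks `manage_sysprefs` itself. That endpoint is not touched by this patch, so it is worth confirming, ideally with a test for a user who lacks the permission. I would add a comment above the key, e.g. `# UI hint only; the syspref write path must enforce manage_sysprefs itself`, and mention the new `permissions` key in the POD for `config`.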
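Review bot: `permissions` is declared as a bare `type: object`, so the schema neither documents nor constrains what the controller returns, and a key added later would pass response validation unnoticed. The controller in this patch emits exactly one key with a 1/0 value, so the definition could name it: `properties: { manage_sysprefs: { type: integer } }` together with `additionalProperties: false`, as the enclosing object already does. The existing `settings` entry is just as loose, so tightening both would keep the definition consistent.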
diff --git a/koha-tmpl/intranet-tmpl/prog/js/vue/components/Preservation/Settings.vue b/koha-tmpl/intranet-tmpl/prog/js/vue/components/Preservation/Settings.vue index 4170114aa9..6c8db0d2ee 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/vue/components/Preservation/Settings.vue +++ b/koha-tmpl/intranet-tmpl/prog/js/vue/components/Preservation/Settings.vue @@ -5,7 +5,10 @@ {{ $__("Edit preservation settings") }}
-
+
{{ $__("General settings") }}
    @@ -72,6 +75,38 @@ >
+
+ {{ $__("General settings") }} +
    +
  1. + + {{ + get_lib_from_av( + "av_notforloan", + config.settings.not_for_loan_waiting_list_in + ) + }} +
  2. +
  3. + + {{ + get_lib_from_av( + "av_notforloan", + config.settings.not_for_loan_default_train_in + ) + }} +
  4. +
+
+
@@ -87,12 +122,19 @@ export default { setup() { const AVStore = inject("AVStore") const { av_notforloan } = storeToRefs(AVStore) + const { get_lib_from_av } = AVStore const { setMessage, setWarning } = inject("mainStore") const PreservationStore = inject("PreservationStore") const { config } = PreservationStore - return { av_notforloan, setMessage, setWarning, config } + return { + av_notforloan, + get_lib_from_av, + setMessage, + setWarning, + config, + } }, data() { return { -- 2.39.5