From 6b984a0feb29aede7a569dddd6aae35b13eed5cf Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 11 Dec 2019 16:39:36 +0100 Subject: [PATCH] Bug 24157: New permission - delete_baskets Add a new permission to delete acquisition baskets Test plan: - Remove the new permission "delete_basket" for a given patron, use it to log in into Koha - Create basket, try to delete it => There is no way to delete it - Add the permission => Now you can delete the basket Sponsored-by: Galway-Mayo Institute of Technology Signed-off-by: Owen Leonard Signed-off-by: Alex Arnaud Signed-off-by: Jonathan Druart --- acqui/basket.pl | 6 ++++++ installer/data/mysql/atomicupdate/bug_24157.perl | 6 +++++- installer/data/mysql/userpermissions.sql | 1 + koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc | 5 +++++ koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt | 5 +++-- 5 files changed, 20 insertions(+), 3 deletions(-) diff --git a/acqui/basket.pl b/acqui/basket.pl index 8e2929fb2a..4ef5facafa 100755 --- a/acqui/basket.pl +++ b/acqui/basket.pl @@ -91,6 +91,8 @@ our ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( } ); +my $logged_in_patron = Koha::Patrons->find( $loggedinuser ); + our $basket = GetBasket($basketno); $booksellerid = $basket->{booksellerid} unless $booksellerid; my $bookseller = Koha::Acquisition::Booksellers->find( $booksellerid ); @@ -123,6 +125,10 @@ $template->param( skip_confirm_reopen => 1) if $confirm_pref eq '2'; my @messages; if ( $op eq 'delete_confirm' ) { + + output_and_exit( $query, $cookie, $template, 'insufficient_permission' ) + unless $logged_in_patron->has_permission( { acquisition => 'delete_baskets' } ); + my $basketno = $query->param('basketno'); my $delbiblio = $query->param('delbiblio'); my @orders = GetOrders($basketno); diff --git a/installer/data/mysql/atomicupdate/bug_24157.perl b/installer/data/mysql/atomicupdate/bug_24157.perl index 031b7a0a39..e7908dd179 100644 --- a/installer/data/mysql/atomicupdate/bug_24157.perl +++ b/installer/data/mysql/atomicupdate/bug_24157.perl @@ -10,6 +10,10 @@ if( CheckVersion( $DBversion ) ) { (11, 'edit_invoices', 'Edit invoices') |); + $dbh->do(q| + INSERT IGNORE INTO permissions (module_bit, code, description) VALUES + (11, 'delete_baskets', 'Delete baskets') + |); $dbh->do(q| INSERT IGNORE INTO permissions (module_bit, code, description) VALUES @@ -17,5 +21,5 @@ if( CheckVersion( $DBversion ) ) { |); SetVersion( $DBversion ); - print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices delete_invoices)\n"; + print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices, delete_invoices, delete_baskets)\n"; } diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql index f9a6cda1ae..636b24532c 100644 --- a/installer/data/mysql/userpermissions.sql +++ b/installer/data/mysql/userpermissions.sql @@ -68,6 +68,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'reopen_closed_invoices', 'Reopen closed invoices'), (11, 'edit_invoices', 'Edit invoices'), (11, 'delete_invoices', 'Delete invoices'), + (11, 'delete_baskets', 'Delete baskets'), (12, 'suggestions_manage', 'Manage purchase suggestions'), (13, 'edit_news', 'Write news for the OPAC and staff interfaces'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 8ebde449a5..42dd9ca4f5 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -705,6 +705,11 @@ Delete invoices ([% name | html %]) + [%- CASE 'delete_baskets' -%] + + Delete baskets + + ([% name | html %]) [%# self_check %] [%- CASE 'self_checkin_module' -%] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt index 784838b6d9..a9359d3541 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basket.tt @@ -59,8 +59,9 @@ [% END %] - [%# FIXME This action should not be available for everyone %] - + [% IF CAN_user_acquisition_delete_baskets %] + + [% END %] [% IF ( unclosable ) %] [% ELSIF ( uncertainprices ) %] -- 2.39.5