git.koha-community.org Git - koha.git/commit

author	Nick Clemens <nick@bywatersolutions.com>
	Tue, 23 Jul 2024 13:26:12 +0000 (13:26 +0000)
committer	Katrin Fischer <katrin.fischer@bsz-bw.de>
	Wed, 30 Oct 2024 17:45:49 +0000 (18:45 +0100)
commit	e2f1310f71e2dede935658684f88f80c3e7e49c7
tree	ddb0d5e0f67aea45cf0274e4c8b53d19db07c3d5	tree \| snapshot
parent	209286d5700a7d3fe99a0c2d5db8b0a4d75d3b18	commit \| diff

Bug 37392: can_see_things_from is always checking patron visibility

When trying to edit items, we are seeing the button visibility affected by a patron's
permission to view patrons form any library.

This is because can_edit_items_from is calling can_see_things_from - which is ultimately calling
libraries_where_can_see_patrons

That last call should be to libraries_where_can_see_things. This patch corrects that, and passes forward the group feature to check against

To test:

Set up library group:
* Create a library group for library A + B
* Action: Limit item editing by group

Set up test user:
* Create a staff patron with these permissions:
  * catalogue
  * fast_cataloguing
  * edit_items
  * view_borrower_infos_from_any_libraries
  * edit borrowers
* Home library: library A

Set up test items:
* Create a record with 3 items with different home libraries:
  * A
  * B
  * C

We expect the user will be allowed to edit A and B, but not C.

Test:
* Test editing the items with the test user, only A is allowed to be edited.
* Remove the view_borrower_infos_from_any_libraries permission from test user.
* Test editing items now behaves as expected: A + B are allowed, C is not.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>