From 435211adbc230514f4c0c370bbe8002dafa595af Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Mon, 22 Jan 2024 16:49:56 +0000 Subject: [PATCH] Bug 29509: Update swagger specification and add permissions to users This patch removes the 'edit_borrowers', 'manage_bookings', 'lable_creator', 'routing' and 'order_manage' permissions from the list of options in the patrons list endpoint. We then assign the new 'list_borrowers' permission to any users who have those removed permissions Test plan 1) Apply patch and run the database update 2) Users with any of the permissions listed above should now also have the 'list_borrowers' permission too. 3) Check that patron searching continues to work from the various locations in the UI for the above affected users Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Marcel de Rooy [EDIT] Incorporated second patch and removed 1<<4. 16 reads much better :) Signed-off-by: Kyle M Hall Signed-off-by: Martin Renvoize (cherry picked from commit 85ea79c45b6f95baee9ec955c6c09046808771b5) Signed-off-by: Lucas Gass --- api/v1/swagger/paths/patrons.yaml | 5 -- .../data/mysql/atomicupdate/bug_29509.pl | 61 +++++++++++++++++++ 2 files changed, 61 insertions(+), 5 deletions(-) create mode 100755 installer/data/mysql/atomicupdate/bug_29509.pl diff --git a/api/v1/swagger/paths/patrons.yaml b/api/v1/swagger/paths/patrons.yaml index c35a390f36..cf05d748d8 100644 --- a/api/v1/swagger/paths/patrons.yaml +++ b/api/v1/swagger/paths/patrons.yaml @@ -401,11 +401,6 @@ x-koha-authorization: permissions: - borrowers: "list_borrowers" - - borrowers: "edit_borrowers" - - circulate: "manage_bookings" - - tools: "label_creator" - - serials: "routing" - - acquisition: "order_manage" post: x-mojo-to: Patrons#add operationId: addPatron diff --git a/installer/data/mysql/atomicupdate/bug_29509.pl b/installer/data/mysql/atomicupdate/bug_29509.pl new file mode 100755 index 0000000000..a23d4ca0b0 --- /dev/null +++ b/installer/data/mysql/atomicupdate/bug_29509.pl @@ -0,0 +1,61 @@ +use Modern::Perl; +use Array::Utils qw( array_minus ); + +return { + bug_number => "29509", + description => "Update users with list_borrowers permission where required", + up => sub { + my ($args) = @_; + my ( $dbh, $out ) = @$args{qw(dbh out)}; + + # Users to exclude from update, (superlibrarians or borrowers flags) + my $sth = $dbh->prepare("SELECT borrowernumber FROM borrowers WHERE flags = 1 OR flags & 16"); + $sth->execute(); + my @exclusions = map { $_->[0] } @{ $sth->fetchall_arrayref }; + + # Prepare insert + my $insert_sth = + $dbh->prepare("INSERT IGNORE INTO user_permissions (borrowernumber, module_bit, code) VALUES (?, ?, ?)"); + + # Check for 'borrowers' or 'borrowers > edit_borrowers' permission + my $sth2 = $dbh->prepare("SELECT borrowernumber FROM user_permissions WHERE code = 'edit_borrowers'"); + $sth2->execute(); + my @edit_borrowers = map { $_->[0] } @{ $sth2->fetchall_arrayref }; + my @reduced = array_minus( @edit_borrowers, @exclusions ); + my @rows_to_insert = ( map { [ $_, 4, "list_borrowers" ] } array_minus( @edit_borrowers, @exclusions ) ); + foreach my $row (@rows_to_insert) { $insert_sth->execute( @{$row} ); } + say $out "list_borrowers added to all users with edit_borrowers"; + + # Check for 'circulate' or 'circulate > manage_bookings' permission + my $sth3 = $dbh->prepare("SELECT borrowernumber FROM user_permissions WHERE code = 'manage_bookings'"); + $sth3->execute(); + my @manage_bookings = map { $_->[0] } @{ $sth3->fetchall_arrayref }; + @rows_to_insert = ( map { [ $_, 4, "list_borrowers" ] } array_minus( @manage_bookings, @exclusions ) ); + foreach my $row (@rows_to_insert) { $insert_sth->execute( @{$row} ); } + say $out "list_borrowers added to all users with manage_bookings"; + + # Check for 'tools' or 'tools > label_creator' permission + my $sth4 = $dbh->prepare("SELECT borrowernumber FROM user_permissions WHERE code = 'label_creator'"); + $sth4->execute(); + my @label_creator = map { $_->[0] } @{ $sth4->fetchall_arrayref }; + @rows_to_insert = ( map { [ $_, 4, "list_borrowers" ] } array_minus( @label_creator, @exclusions ) ); + foreach my $row (@rows_to_insert) { $insert_sth->execute( @{$row} ); } + say $out "list_borrowers added to all users with label_creator"; + + # Check for 'serials' or 'serials > routing' permission + my $sth5 = $dbh->prepare("SELECT borrowernumber FROM user_permissions WHERE code = 'routing'"); + $sth5->execute(); + my @routing = map { $_->[0] } @{ $sth5->fetchall_arrayref }; + @rows_to_insert = ( map { [ $_, 4, "list_borrowers" ] } array_minus( @routing, @exclusions ) ); + foreach my $row (@rows_to_insert) { $insert_sth->execute( @{$row} ); } + say $out "list_borrowers added to all users with routing"; + + # Check for 'acquisitions' or 'acquisitions > order_manage' permission + my $sth6 = $dbh->prepare("SELECT borrowernumber FROM user_permissions WHERE code = 'order_manage'"); + $sth6->execute(); + my @order_manage = map { $_->[0] } @{ $sth6->fetchall_arrayref }; + @rows_to_insert = ( map { [ $_, 4, "list_borrowers" ] } array_minus( @order_manage, @exclusions ) ); + foreach my $row (@rows_to_insert) { $insert_sth->execute( @{$row} ); } + say $out "list_borrowers added to all users with order_manage"; + }, +}; -- 2.39.5