From b8a2365a3455a70ef8bdcb99e74b419bc4572b96 Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Fri, 18 May 2018 10:40:21 +0000 Subject: [PATCH] Bug 11911: Add a separate permission for managing suggestions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Without this patch only catalogue permission was required for managing suggestions. This patch adds a new permission in the acquisition module do manage suggestions and updates staff user permissions accordingly. To test: - Make sure there is a pending suggestion - Create a few users with different permission sets: - User 1: only catalogue - User 2: any acquisition permission - User 3: cataloguing permission - Check all of them can access: /cgi-bin/koha/suggestion/suggestion.pl - Apply the patch - Verify all of them now have the suggestions_manage permission - Verify everything displays correctly on: - intranet start page - patron account in staff - acquisition start page - suggestion page (try to access by URL too) - Remove suggestions_manage for a staff user - Repeat tests above, access should be denied/links not visible Bonus: - Fixes the link on the acquisition start page for late orders to mage the permissions of the page itself: order_receive Signed-off-by: Séverine QUEUNE Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens --- .../atomicupdate/bug11911_suggestions_permission.sql | 6 ++++++ installer/data/mysql/userpermissions.sql | 1 + .../intranet-tmpl/prog/en/includes/acquisitions-menu.inc | 6 +++--- koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc | 2 +- koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc | 9 +++++---- koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt | 2 +- members/purchase-suggestions.pl | 2 +- suggestion/suggestion.pl | 2 +- 8 files changed, 19 insertions(+), 11 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/bug11911_suggestions_permission.sql diff --git a/installer/data/mysql/atomicupdate/bug11911_suggestions_permission.sql b/installer/data/mysql/atomicupdate/bug11911_suggestions_permission.sql new file mode 100644 index 0000000000..9ce0fbccfc --- /dev/null +++ b/installer/data/mysql/atomicupdate/bug11911_suggestions_permission.sql @@ -0,0 +1,6 @@ +INSERT INTO permissions (module_bit, code, description) VALUES (11, 'suggestions_manage', 'Manage purchase suggestions'); + +INSERT INTO user_permissions (borrowernumber, module_bit, code) + SELECT borrowernumber, 11, 'suggestions_manage' FROM borrowers WHERE flags & (1 << 2); + +-- Bug 19911: Add new permission suggestions_manage and update staff users diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql index e0c4ed368b..67b76e6871 100644 --- a/installer/data/mysql/userpermissions.sql +++ b/installer/data/mysql/userpermissions.sql @@ -19,6 +19,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (10, 'writeoff', 'Write off fines and fees'), (10, 'remaining_permissions', 'Remaining permissions for managing fines and fees'), (11, 'currencies_manage', 'Manage currencies and exchange rates'), + (11, 'suggestions_manage', 'Manage purchase suggestions'), (11, 'vendors_manage', 'Manage vendors'), (11, 'contracts_manage', 'Manage contracts'), (11, 'period_manage', 'Manage budgets'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc index c043e4eef6..39da875c31 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc @@ -3,9 +3,9 @@
Acquisitions
  • Acquisitions home
  • -
  • Late orders
  • - [% IF ( suggestion ) %]
  • Suggestions
  • [% END %] -
  • Invoices
  • + [% IF ( CAN_user_acquisition_order_receive ) %]
  • Late orders
  • [% END %] + [% IF ( suggestion && CAN_user_acquisition_suggestions_manage ) %]
  • Suggestions
  • [% END %] +
  • Invoices
  • [% IF CAN_user_acquisition_edi_manage %]
  • EDIFACT messages
  • [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc index dcdf1ccc87..fb56a01016 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc @@ -109,7 +109,7 @@ [% END %] [% END %] - [% IF CAN_user_borrowers_edit_borrowers %] + [% IF CAN_user_acquisition_suggestions_manage %] [% IF ( suggestionsview ) %]
  • [% ELSE %]
  • [% END %]Purchase suggestions
  • [% END %] [% IF CAN_user_borrowers_edit_borrowers && useDischarge %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 3bbbe7af25..6193de3ed4 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -45,10 +45,11 @@ [%- CASE 'fast_cataloging' -%]Fast cataloging [%- CASE 'remaining_permissions' -%]Remaining permissions for managing fines and fees [%- CASE 'writeoff' -%]Write off fines and fees - [%- CASE 'budget_add_del' -%]Add and delete funds (but can't modify funds) - [%- CASE 'budget_manage' -%]Manage funds - [%- CASE 'budget_manage_all' -%]Manage all funds - [%- CASE 'budget_modify' -%]Modify funds (can't create lines, but can modify existing ones) + [%- CASE 'suggestions_manage' -%]Manage purchase suggestions + [%- CASE 'budget_add_del' -%]Add and delete budgets (but can't modify budgets) + [%- CASE 'budget_manage' -%]Manage budgets + [%- CASE 'budget_manage_all' -%]Manage all budgets + [%- CASE 'budget_modify' -%]Modify budget (can't create lines, but can modify existing ones) [%- CASE 'contracts_manage' -%]Manage contracts [%- CASE 'group_manage' -%]Manage basket groups [%- CASE 'order_manage' -%]Manage basket and order lines diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt index 7cb0632530..2680ff2fa8 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt @@ -135,7 +135,7 @@ [% END %] - [% IF ( CAN_user_acquisition && pendingsuggestions ) %] + [% IF ( CAN_user_acquisition_suggestions_manage && pendingsuggestions ) %]
    Suggestions pending approval: diff --git a/members/purchase-suggestions.pl b/members/purchase-suggestions.pl index 026ab89209..8e4b76ad59 100755 --- a/members/purchase-suggestions.pl +++ b/members/purchase-suggestions.pl @@ -35,7 +35,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( query => $input, type => "intranet", authnotrequired => 0, - flagsrequired => { borrowers => 'edit_borrowers' }, + flagsrequired => { acquisition => 'suggestions_manage' }, debug => 1, } ); diff --git a/suggestion/suggestion.pl b/suggestion/suggestion.pl index 98fcca4914..1604d628b0 100755 --- a/suggestion/suggestion.pl +++ b/suggestion/suggestion.pl @@ -111,7 +111,7 @@ my ( $template, $borrowernumber, $cookie, $userflags ) = get_template_and_user( template_name => "suggestion/suggestion.tt", query => $input, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { acquisition => 'suggestions_manage' }, } ); -- 2.39.5