From c0ecd7df4fdfa9e2520b1acc498a820f6abebaf1 Mon Sep 17 00:00:00 2001 From: Paul Poulain Date: Wed, 6 Apr 2011 10:54:38 +0200 Subject: [PATCH] Bug 6072: fixing permission inconsistencies MT5306 In large libraries, some librarian may have permission only to recieve shipments This patch fixes some permission : * booksellers page = accessible to anyone that has at least 1 acq permission * parcels = accessible to anyone with order_recieve * supplier detail = accessible to anyone that has at least 1 acq permission, but modifying accessible only if vendor_manage Signed-off-by: Katrin Fischer Signed-off-by: Chris Cormack --- acqui/booksellers.pl | 2 +- acqui/parcels.pl | 2 +- acqui/supplier.pl | 2 +- .../prog/en/includes/acquisitions-toolbar.inc | 22 +++++++++++-------- .../prog/en/modules/acqui/booksellers.tmpl | 4 +++- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl index 88dbaa9e77..cc5c084508 100755 --- a/acqui/booksellers.pl +++ b/acqui/booksellers.pl @@ -66,7 +66,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( query => $query, type => 'intranet', authnotrequired => 0, - flagsrequired => { acquisition => 'vendors_manage' }, + flagsrequired => { acquisition => '*' }, debug => 1, } ); diff --git a/acqui/parcels.pl b/acqui/parcels.pl index 1e8d44e3d7..915b1e8aa7 100755 --- a/acqui/parcels.pl +++ b/acqui/parcels.pl @@ -91,7 +91,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( query => $input, type => 'intranet', authnotrequired => 0, - flagsrequired => { acquisition => 1 }, + flagsrequired => { acquisition => 'order_receive' }, debug => 1, } ); diff --git a/acqui/supplier.pl b/acqui/supplier.pl index 52d940c616..2a4078a75e 100755 --- a/acqui/supplier.pl +++ b/acqui/supplier.pl @@ -64,7 +64,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( query => $query, type => 'intranet', authnotrequired => 0, - flagsrequired => { acquisition => 'vendors_manage' }, + flagsrequired => { acquisition => '*' }, debug => 1, } ); diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc index 9f7a8e5e91..a11417aeb1 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc @@ -21,9 +21,11 @@ new YAHOO.widget.Button("editcontracts"); var manageorders = [ - { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=&op=add_form"}, - { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid="}, - { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid="}, + + { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=&op=add_form"}, + { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid="}, + { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid="}, + { text: _("Receive shipments"), url: "/cgi-bin/koha/acqui/parcels.pl?supplierid=" }, { text: _("Uncertain prices"), url: "/cgi-bin/koha/acqui/uncertainprice.pl?booksellerid=&basketno=&owner=1"} @@ -42,12 +44,14 @@