From f10acb07e68f10a69e087012e47ae210cd609783 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 10 Dec 2019 20:03:28 +0100 Subject: [PATCH] Bug 24157: New permission - reopen_closed_invoices New permission to reopen a closed invoice. Test plan: - Remove the new permission "reopen_closed_invoices" for a given patron, use it to log in into Koha - Create an invoice, close it => You are not able to reopen the invoice - Add the permission => You are able to reopen the invoice Sponsored-by: Galway-Mayo Institute of Technology Signed-off-by: Owen Leonard Signed-off-by: Alex Arnaud Signed-off-by: Jonathan Druart --- acqui/invoice.pl | 8 +++++++- .../data/mysql/atomicupdate/bug_24157.perl | 10 ++++++++++ installer/data/mysql/userpermissions.sql | 1 + .../prog/en/includes/blocking_errors.inc | 2 ++ .../prog/en/includes/permissions.inc | 5 +++++ .../prog/en/modules/acqui/invoice.tt | 19 ++++++++++++++++--- .../prog/en/modules/acqui/invoices.tt | 4 +++- .../prog/en/modules/acqui/parcel.tt | 4 +++- 8 files changed, 47 insertions(+), 6 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/bug_24157.perl diff --git a/acqui/invoice.pl b/acqui/invoice.pl index 26717e99fe..5a7ce08f38 100755 --- a/acqui/invoice.pl +++ b/acqui/invoice.pl @@ -52,6 +52,8 @@ my ( $template, $loggedinuser, $cookie, $flags ) = get_template_and_user( } ); +my $logged_in_patron = Koha::Patrons->find( $loggedinuser ); + my $invoiceid = $input->param('invoiceid'); my $op = $input->param('op'); @@ -70,6 +72,9 @@ if ( $op && $op eq 'close' ) { } } elsif ( $op && $op eq 'reopen' ) { + output_and_exit( $input, $cookie, $template, 'insufficient_permission' ) + unless $logged_in_patron->has_permission( { acquisition => 'reopen_closed_invoices' } ); + ReopenInvoice($invoiceid); my $referer = $input->param('referer'); if ($referer) { @@ -90,7 +95,8 @@ elsif ( $op && $op eq 'mod' ) { shipmentcost_budgetid => $shipment_budget_id ); if ($input->param('reopen')) { - ReopenInvoice($invoiceid); + ReopenInvoice($invoiceid) + if $logged_in_patron->has_permission( { acquisition => 'reopen_closed_invoices' } ); } elsif ($input->param('close')) { CloseInvoice($invoiceid); } elsif ($input->param('merge')) { diff --git a/installer/data/mysql/atomicupdate/bug_24157.perl b/installer/data/mysql/atomicupdate/bug_24157.perl new file mode 100644 index 0000000000..60536820ea --- /dev/null +++ b/installer/data/mysql/atomicupdate/bug_24157.perl @@ -0,0 +1,10 @@ +$DBversion = 'XXX'; # will be replaced by the RM +if( CheckVersion( $DBversion ) ) { + $dbh->do(q| + INSERT IGNORE INTO permissions (module_bit, code, description) VALUES + (11, 'reopen_closed_invoices', 'Reopen closed invoices') + |); + + SetVersion( $DBversion ); + print "Upgrade to $DBversion done (Bug 24157: Add new permission reopen_closed_invoices)\n"; +} diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql index f90eee99a7..67e2c67ba0 100644 --- a/installer/data/mysql/userpermissions.sql +++ b/installer/data/mysql/userpermissions.sql @@ -65,6 +65,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'budget_add_del', 'Add and delete funds (but can''t modify funds)'), (11, 'budget_manage_all', 'Manage all funds'), (11, 'edi_manage', 'Manage EDIFACT transmissions'), + (11, 'reopen_closed_invoices', 'Reopen closed invoices'), (12, 'suggestions_manage', 'Manage purchase suggestions'), (13, 'edit_news', 'Write news for the OPAC and staff interfaces'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc index 146264a10f..7bc3987afb 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc @@ -19,6 +19,8 @@
The budget is locked, fund creation is not possible.
[% CASE 'missing_es_modules' %]
Necessary Elasticsearch packages are not installed on your server. Please contact your server admin if you wish to configure Elasticsearch
+ [% CASE 'insufficient_permission' %] +
You do not have sufficient permission to continue.
[% CASE %][% blocking_error | html %] [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 368202b7cc..e64d5f08f3 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -690,6 +690,11 @@ Manage EDIFACT transmissions ([% name | html %]) + [%- CASE 'reopen_closed_invoices' -%] + + Reopen closed invoices + + ([% name | html %]) [%# self_check %] [%- CASE 'self_checkin_module' -%] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoice.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoice.tt index 0d9b29cc70..fd7ed12a6a 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoice.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoice.tt @@ -15,6 +15,8 @@ [% INCLUDE 'header.inc' %] [% INCLUDE 'acquisitions-search.inc' %] +[% SET readonly = NOT CAN_user_acquisition_edit_invoices %] +
@@ -35,8 +37,12 @@
  1. - - Required + [% IF readonly %] + [% invoicenumber | html %] + [% ELSE %] + + Required + [% END %]
  2. @@ -71,7 +77,14 @@
  3. Status: Closed on [% invoiceclosedate | $KohaDates %]
  4. -
  5. +
  6. + + [% IF CAN_user_acquisition_reopen_closed_invoices %] + + [% ELSE %] + + [% END %] +
  7. [% ELSE %]
  8. Status: Open
  9. diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt index 5b8b34fad0..a77339c4d4 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt @@ -81,7 +81,9 @@