From 203757e353cbbb2add934523fdbd7113c6180207 Mon Sep 17 00:00:00 2001 From: Julian Maurice Date: Fri, 18 May 2012 09:12:43 +0200 Subject: [PATCH] Bug 7304: More permissions for budgets - Possibility to add users to a budget - Restrictions changed to: - None - Owner - Owner and users - Owner, users and library - Restricted users cannot spend on these budgets (they cannot modify them either) Modified pages: - admin/aqbudgets.pl - admin/aqplan.pl - suggestion/suggestion.pl - acqui/acqui-home.pl - acqui/addorderiso2709.pl - acqui/basket.pl - acqui/neworderempty.pl Unit tests in t/Budgets/CanUserUseBudget.t and t/Budgets/CanUserModifyBudget.t Bug 7304 tmp
Signed-off-by: Paul Poulain --- C4/Budgets.pm | 158 ++++++++ acqui/acqui-home.pl | 12 +- acqui/addorderiso2709.pl | 20 +- acqui/basket.pl | 6 +- acqui/neworderempty.pl | 5 +- ...wner_search.pl => aqbudget_user_search.pl} | 51 +-- admin/aqbudgets.pl | 95 +++-- admin/aqplan.pl | 4 + .../mysql/de-DE/mandatory/userpermissions.sql | 1 + .../mysql/en/mandatory/userpermissions.sql | 1 + .../mysql/es-ES/mandatory/userpermissions.sql | 1 + .../fr-FR/1-Obligatoire/userpermissions.sql | 1 + .../mysql/it-IT/necessari/userpermissions.sql | 1 + installer/data/mysql/kohastructure.sql | 16 + .../nb-NO/1-Obligatorisk/userpermissions.sql | 1 + .../mysql/pl-PL/mandatory/userpermissions.sql | 1 + .../mandatory/permissions_and_user_flags.sql | 1 + .../mandatory/permissions_and_user_flags.sql | 1 + installer/data/mysql/updatedatabase.pl | 24 ++ koha-tmpl/intranet-tmpl/prog/en/js/acq.js | 7 - .../en/modules/admin/aqbudget_owner_search.tt | 77 ---- .../en/modules/admin/aqbudget_user_search.tt | 111 ++++++ .../prog/en/modules/admin/aqbudgets.tt | 152 ++++++-- suggestion/suggestion.pl | 17 +- t/Budgets/CanUserModifyBudget.t | 340 ++++++++++++++++++ t/Budgets/CanUserUseBudget.t | 250 +++++++++++++ 26 files changed, 1151 insertions(+), 203 deletions(-) rename admin/{aqbudget_owner_search.pl => aqbudget_user_search.pl} (58%) delete mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_owner_search.tt create mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_user_search.tt create mode 100644 t/Budgets/CanUserModifyBudget.t create mode 100644 t/Budgets/CanUserUseBudget.t diff --git a/C4/Budgets.pm b/C4/Budgets.pm index 7a261d0f15..e9732ac83a 100644 --- a/C4/Budgets.pm +++ b/C4/Budgets.pm @@ -44,6 +44,11 @@ BEGIN { &GetPeriodsCount &GetChildBudgetsSpent + &GetBudgetUsers + &ModBudgetUsers + &CanUserUseBudget + &CanUserModifyBudget + &GetBudgetPeriod &GetBudgetPeriods &ModBudgetPeriod 
@@ -652,6 +657,159 @@ sub GetBudgets { return SearchInTable("aqbudgets",$filters, $orderby, undef,undef, undef, "wide"); } +=head2 GetBudgetUsers + + my @borrowernumbers = &GetBudgetUsers($budget_id); + +Return the list of borrowernumbers linked to a budget + +=cut + +sub GetBudgetUsers { + my ($budget_id) = @_; + + my $dbh = C4::Context->dbh; + my $query = qq{ + SELECT borrowernumber + FROM aqbudgetborrowers + WHERE budget_id = ? + }; + my $sth = $dbh->prepare($query); + $sth->execute($budget_id); + + my @borrowernumbers; + while (my ($borrowernumber) = $sth->fetchrow_array) { + push @borrowernumbers, $borrowernumber + } + + return @borrowernumbers; +} + +=head2 ModBudgetUsers + + &ModBudgetUsers($budget_id, @borrowernumbers); + +Modify the list of borrowernumbers linked to a budget + +=cut + +sub ModBudgetUsers { + my ($budget_id, @budget_users_id) = @_; + + return unless $budget_id; + + my $dbh = C4::Context->dbh; + my $query = "DELETE FROM aqbudgetborrowers WHERE budget_id = ?"; + my $sth = $dbh->prepare($query); + $sth->execute($budget_id); + + $query = qq{ + INSERT INTO aqbudgetborrowers (budget_id, borrowernumber) + VALUES (?,?) 
+ }; + $sth = $dbh->prepare($query); + foreach my $borrowernumber (@budget_users_id) { + next unless $borrowernumber; + $sth->execute($budget_id, $borrowernumber); + } +} + +sub CanUserUseBudget { + my ($borrower, $budget, $userflags) = @_; + + if (not ref $borrower) { + $borrower = C4::Members::GetMember(borrowernumber => $borrower); + } + if (not ref $budget) { + $budget = GetBudget($budget); + } + + return 0 unless ($borrower and $budget); + + if (not defined $userflags) { + $userflags = C4::Auth::getuserflags($borrower->{flags}, + $borrower->{userid}); + } + + unless ($userflags->{superlibrarian} + || (ref $userflags->{acquisition} + && $userflags->{acquisition}->{budget_manage_all}) + || (!ref $userflags->{acquisition} && $userflags->{acquisition})) + { + if (not exists $userflags->{acquisition}) { + return 0; + } + + if (!ref $userflags->{acquisition} && !$userflags->{acquisition}) { + return 0; + } + + # Budget restricted to owner + if ($budget->{budget_permission} == 1 + && $budget->{budget_owner_id} + && $budget->{budget_owner_id} != $borrower->{borrowernumber}) { + return 0; + } + + my @budget_users = GetBudgetUsers($budget->{budget_id}); + + # Budget restricted to owner, users and library + if ($budget->{budget_permission} == 2 + && $budget->{budget_owner_id} + && $budget->{budget_owner_id} != $borrower->{borrowernumber} + && (0 == grep {$borrower->{borrowernumber} == $_} @budget_users) + && defined $budget->{budget_branchcode} + && $budget->{budget_branchcode} ne C4::Context->userenv->{branch}) { + return 0; + } + + # Budget restricted to owner and users + if ($budget->{budget_permission} == 3 + && $budget->{budget_owner_id} + && $budget->{budget_owner_id} != $borrower->{borrowernumber} + && (0 == grep {$borrower->{borrowernumber} == $_} @budget_users)) { + return 0; + } + } + + return 1; +} + +sub CanUserModifyBudget { + my ($borrower, $budget, $userflags) = @_; + + if (not ref $borrower) { + $borrower = C4::Members::GetMember(borrowernumber => 
$borrower); + } + if (not ref $budget) { + $budget = GetBudget($budget); + } + + return 0 unless ($borrower and $budget); + + if (not defined $userflags) { + $userflags = C4::Auth::getuserflags($borrower->{flags}, + $borrower->{userid}); + } + + unless ($userflags->{superlibrarian} + || (ref $userflags->{acquisition} + && $userflags->{acquisition}->{budget_manage_all}) + || (!ref $userflags->{acquisition} && $userflags->{acquisition})) + { + if (!CanUserUseBudget($borrower, $budget, $userflags)) { + return 0; + } + + if (ref $userflags->{acquisition} + && !$userflags->{acquisition}->{budget_modify}) { + return 0; + } + } + + return 1; +} + # ------------------------------------------------------------------- =head2 GetCurrencies diff --git a/acqui/acqui-home.pl b/acqui/acqui-home.pl index 69482a819e..8b6c584738 100755 --- a/acqui/acqui-home.pl +++ b/acqui/acqui-home.pl @@ -41,7 +41,7 @@ use C4::Debug; use C4::Suggestions; my $query = CGI->new; -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( +my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( { template_name => 'acqui/acqui-home.tmpl', query => $query, type => 'intranet', @@ -78,9 +78,7 @@ if ( $cur_format eq 'FR' ) { my $status = $query->param('status') || "ASKED"; my $suggestions_count = CountSuggestion($status); -my $budget_arr = - GetBudgetHierarchy( '', $user->{branchcode}, - $template->{VARS}->{'USER_INFO'}[0]->{'borrowernumber'} ); +my $budget_arr = GetBudgetHierarchy; my $total = 0; my $totspent = 0; @@ -93,7 +91,9 @@ my $totspent_active = 0; my $totordered_active = 0; my $totavail_active = 0; +my @budget_loop; foreach my $budget ( @{$budget_arr} ) { + next unless (CanUserUseBudget($loggedinuser, $budget, $userflags)); $budget->{budget_code_indent} =~ s/\ /\ \;/g; 
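Review bot: In CanUserUseBudget (C4/Budgets.pm) the "owner, users and library" branch compares `$budget->{budget_branchcode}` with `C4::Context->userenv->{branch}`, which is the branch of the current session and not anything taken from the `$borrower` argument. The answer is therefore wrong whenever the function is asked about a user other than the one logged in, and the dereference would die if userenv is undefined outside a web request. Each of the three restriction branches is also guarded by `&& $budget->{budget_owner_id}`, so a restricted budget with no owner set is usable by anyone holding any acquisition sub-permission; if that is not intended, drop the guard so the check fails closed. Consider taking the branch from the borrower (`$borrower->{branchcode}`, which the callers passed to GetBudgetHierarchy before this change), or document that the login branch is meant. CanUserUseBudget and CanUserModifyBudget also need POD stating what `budget_permission` values 1, 2 and 3 mean, as GetBudgetUsers and ModBudgetUsers already have.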
@@ -136,11 +136,13 @@ foreach my $budget ( @{$budget_arr} ) { for my $field (qw( budget_amount budget_spent budget_ordered budget_avail ) ) { $budget->{$field} = $num_formatter->format_price( $budget->{$field} ); } + + push @budget_loop, $budget; } $template->param( type => 'intranet', - loop_budget => $budget_arr, + loop_budget => \@budget_loop, branchname => $branchname, total => $num_formatter->format_price($total), totspent => $num_formatter->format_price($totspent), diff --git a/acqui/addorderiso2709.pl b/acqui/addorderiso2709.pl index 23020c7177..002fbf519a 100755 --- a/acqui/addorderiso2709.pl +++ b/acqui/addorderiso2709.pl @@ -46,14 +46,15 @@ use C4::Branch; # GetBranches use C4::Members; my $input = new CGI; -my ($template, $loggedinuser, $cookie) = get_template_and_user({ - template_name => "acqui/addorderiso2709.tmpl", - query => $input, - type => "intranet", - authnotrequired => 0, - flagsrequired => { acquisition => 'order_manage' }, - debug => 1, - }); +my ($template, $loggedinuser, $cookie, $userflags) = get_template_and_user({ + template_name => "acqui/addorderiso2709.tmpl", + query => $input, + type => "intranet", + authnotrequired => 0, + flagsrequired => { acquisition => 'order_manage' }, + debug => 1, +}); + my $cgiparams = $input->Vars; my $op = $cgiparams->{'op'}; my $booksellerid = $input->param('booksellerid'); @@ -276,8 +277,9 @@ my $budget = GetBudget($budget_id); # build budget list my $budget_loop = []; -$budgets = GetBudgetHierarchy( q{}, $borrower->{branchcode}, $borrower->{borrowernumber} ); +$budgets = GetBudgetHierarchy; foreach my $r ( @{$budgets} ) { + next unless (CanUserUseBudget($borrower, $r, $userflags)); if ( !defined $r->{budget_amount} || $r->{budget_amount} == 0 ) { next; } diff --git a/acqui/basket.pl b/acqui/basket.pl index de668917f5..67ace5c831 100755 --- a/acqui/basket.pl +++ b/acqui/basket.pl 
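Review bot: The added `next unless (CanUserUseBudget($borrower, $r, $userflags));` in acqui/addorderiso2709.pl only removes restricted budgets from the list offered in the form; nothing in this hunk checks the `budget_id` that comes back with the request, and the `GetBudget($budget_id)` just above uses it as submitted. Unless the code that saves the order line repeats the check (no order-saving script is named in this patch's diffstat, so this is inferred), the restriction is enforced by the page only. The save path should call CanUserUseBudget on the submitted budget and refuse the request when it returns false, for example `unless (CanUserUseBudget($borrower, $budget, $userflags)) { ... report "not authorised" and stop ... }`. The same applies to the budget list built in acqui/neworderempty.pl.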
@@ -68,7 +68,7 @@ my $query = new CGI; my $basketno = $query->param('basketno'); my $booksellerid = $query->param('booksellerid'); -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( +my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( { template_name => "acqui/basket.tmpl", query => $query, @@ -351,12 +351,14 @@ my $total_est_gste; my @orders = GetOrders($basketno); my $borrower= GetMember('borrowernumber' => $loggedinuser); - my $budgets = GetBudgetHierarchy(q{},$borrower->{branchcode},$borrower->{borrowernumber}); + my $budgets = GetBudgetHierarchy; my $has_budgets = 0; foreach my $r (@{$budgets}) { if (!defined $r->{budget_amount} || $r->{budget_amount} == 0) { next; } + next unless (CanUserUseBudget($loggedinuser, $r, $userflags)); + $has_budgets = 1; last; } diff --git a/acqui/neworderempty.pl b/acqui/neworderempty.pl index 08693d1e35..a461a1bbba 100755 --- a/acqui/neworderempty.pl +++ b/acqui/neworderempty.pl @@ -110,7 +110,7 @@ my $new = 'no'; my $budget_name; -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( +my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( { template_name => "acqui/neworderempty.tmpl", query => $input, @@ -251,8 +251,9 @@ my ( $flags, $homebranch )= ($borrower->{'flags'},$borrower->{'branchcode'}); my $budget = GetBudget($budget_id); # build budget list my $budget_loop = []; -my $budgets = GetBudgetHierarchy(q{},$borrower->{branchcode},$borrower->{borrowernumber}); +my $budgets = GetBudgetHierarchy; foreach my $r (@{$budgets}) { + next unless (CanUserUseBudget($borrower, $r, $userflags)); if (!defined $r->{budget_amount} || $r->{budget_amount} == 0) { next; } diff --git a/admin/aqbudget_owner_search.pl b/admin/aqbudget_user_search.pl similarity index 58% rename from admin/aqbudget_owner_search.pl rename to admin/aqbudget_user_search.pl index 5c73e9eb48..1bef1530a1 100755 --- a/admin/aqbudget_owner_search.pl +++ b/admin/aqbudget_user_search.pl 
@@ -1,6 +1,6 @@ #!/usr/bin/perl -# script to find a guarantor +# script to find owner and users for a budget # Copyright 2008-2009 BibLibre SARL # @@ -19,8 +19,8 @@ # with Koha; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -use strict; -#use warnings; FIXME - Bug 2505 +use Modern::Perl; + use C4::Auth ; use C4::Output; use CGI; @@ -32,7 +32,7 @@ my $input = new CGI; my $dbh = C4::Context->dbh; my ( $template, $loggedinuser, $cookie, $staff_flags ) = get_template_and_user( - { template_name => "admin/aqbudget_owner_search.tmpl", + { template_name => "admin/aqbudget_user_search.tt", query => $input, type => "intranet", authnotrequired => 0, @@ -41,16 +41,10 @@ my ( $template, $loggedinuser, $cookie, $staff_flags ) = get_template_and_user( } ); -my $theme = $input->param('theme') || "default"; - # only used if allowthemeoverride is set -my $member = $input->param('member'); -my $orderby = $input->param('orderby'); +my $type = $input->param('type'); +my $member = $input->param('member') // ''; -my $op = $input->param('op'); -$template->param( $op || else => 1, ); - -$orderby = "surname,firstname" unless $orderby; $member =~ s/,//g; #remove any commas from search string $member =~ s/\*/%/g; if ( $member eq '' ) { 
@@ -59,33 +53,20 @@ if ( $member eq '' ) { $template->param( results => 1 ); } -my ( $count, $count2, $results ); my @resultsdata; -my $toggle = 0; if ( $member ) { - my $results= Search($member,"surname"); + my $results = Search($member, "surname"); foreach my $res (@$results) { - my $perms = haspermission( $res->{'userid'} ); - my $subperms = get_user_subpermissions ($res->{'userid'} ); - + my $subperms = get_user_subpermissions( $res->{'userid'} ); # if the member has 'acqui' permission set, then display to table. - if ( $perms->{superlibrarian} == 1 || - $perms->{acquisition} == 1 || - $subperms->{acquisition}->{'budget_manage'} || - $subperms->{acquisition}->{'budget_modify'} || - $subperms->{acquisition}->{'budget_add_del'} ) { - - $count2++; - #find out stats -# my ( $od, $issue, $fines ) = GetMemberIssuesAndFines( $res->{'borrowerid'} ); - #This looks unused and very unuseful - my $guarantorinfo = uc( $res->{'surname'} ) . " , " . ucfirst( $res->{'firstname'} ); - my $budget_owner_name = $res->{'firstname'} . ' ' . $res->{'surname'}, my $budget_owner_id = $res->{'borrowernumber'}; - + if ( $perms->{superlibrarian} == 1 || + $perms->{acquisition} == 1 || + exists $subperms->{acquisition} ) + { my %row = ( borrowernumber => $res->{'borrowernumber'}, cardnumber => $res->{'cardnumber'}, @@ -93,12 +74,6 @@ if ( $member ) { firstname => $res->{'firstname'}, categorycode => $res->{'categorycode'}, branchcode => $res->{'branchcode'}, - guarantorinfo => $guarantorinfo, - budget_owner_id => $budget_owner_id, - budget_owner_name => $budget_owner_name, -# odissue => "$od/$issue", -# fines => $fines, -# borrowernotes => $res->{'borrowernotes'} ); push( @resultsdata, \%row ); } @@ -106,8 +81,8 @@ if ( $member ) { } $template->param( + type => $type, member => $member, - numres => $count2, resultsloop => \@resultsdata ); diff --git a/admin/aqbudgets.pl b/admin/aqbudgets.pl index 39fffdb7c1..c5f99e3d71 100755 --- a/admin/aqbudgets.pl +++ b/admin/aqbudgets.pl 
@@ -19,8 +19,8 @@ # with Koha; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -use strict; -#use warnings; FIXME - Bug 2505 +use Modern::Perl; + use CGI; use List::Util qw/min/; use Number::Format qw(format_price); @@ -56,15 +56,17 @@ $template->param( symbol => $cur->{symbol}, currency => $cur->{currency} ); -my $op = $input->param('op'); +my $op = $input->param('op') // ''; # see if the user want to see all budgets or only owned ones my $show_mine = 1; #SHOW BY DEFAULT -my $show = $input->param('show'); # SET TO 1, BY A FORM SUMBIT +my $show = $input->param('show') // 0; # SET TO 1, BY A FORM SUMBIT $show_mine = $input->param('show_mine') if $show == 1; # IF USER DOESNT HAVE PERM FOR AN 'ADD', THEN REDIRECT TO THE DEFAULT VIEW... -if ( not defined $template->{VARS}->{'CAN_user_acquisition_budget_add_del'} && $op == 'add_form' ) { +if (not defined $template->{VARS}->{'CAN_user_acquisition_budget_add_del'} + and $op eq 'add_form') +{ $op = ''; } my $num=FormatNumber; @@ -73,7 +75,7 @@ my $script_name = "/cgi-bin/koha/admin/aqbudgets.pl"; my $budget_hash = $input->Vars; my $budget_id = $$budget_hash{budget_id}; my $budget_permission = $input->param('budget_permission'); -my $filter_budgetbranch = $input->param('filter_budgetbranch'); +my $filter_budgetbranch = $input->param('filter_budgetbranch') // ''; my $filter_budgetname = $input->param('filter_budgetname'); #filtering non budget keys delete $$budget_hash{$_} foreach grep {/filter|^op$|show/} keys %$budget_hash; 
@@ -126,7 +128,12 @@ if ($op eq 'add_form') { # pass the period_id to build the dropbox - because we only want to show budgets from this period my $dropbox_disabled; if (defined $budget_id ) { ### MOD - $budget = GetBudget($budget_id); + $budget = GetBudget($budget_id); + if (!CanUserModifyBudget($borrowernumber, $budget, $staffflags)) { + $template->param(error_not_authorised_to_modify => 1); + output_html_with_http_headers $input, $cookie, $template->output; + exit; + } $dropbox_disabled = BudgetHasChildren($budget_id); my $borrower = &GetMember( borrowernumber=>$budget->{budget_owner_id} ); $budget->{budget_owner_name} = $borrower->{'firstname'} . ' ' . $borrower->{'surname'}; @@ -189,6 +196,24 @@ if ($op eq 'add_form') { $template->param($budget_permission => 1); } + if ($budget) { + my @budgetusers = GetBudgetUsers($budget->{budget_id}); + my @budgetusers_loop; + foreach my $borrowernumber (@budgetusers) { + my $member = C4::Members::GetMember( + borrowernumber => $borrowernumber); + push @budgetusers_loop, { + firstname => $member->{firstname}, + surname => $member->{surname}, + borrowernumber => $borrowernumber + }; + } + $template->param( + budget_users => \@budgetusers_loop, + budget_users_ids => join ':', @budgetusers + ); + } + # if no buget_id is passed then its an add $template->param( add_validate => 1, 
@@ -218,10 +243,24 @@ if ($op eq 'add_form') { if ( $op eq 'delete_confirmed' ) { my $rc = DelBudget($budget_id); }elsif( $op eq 'add_validate' ) { + my @budgetusersid; + if (defined $$budget_hash{'budget_users_ids'}){ + @budgetusersid = split(':', $budget_hash->{'budget_users_ids'}); + } + if ( defined $$budget_hash{budget_id} ) { - ModBudget( $budget_hash ); + if (CanUserModifyBudget($borrowernumber, $budget_hash->{budget_id}, + $staffflags) + ) { + ModBudget( $budget_hash ); + ModBudgetUsers($budget_hash->{budget_id}, @budgetusersid); + } + else { + $template->param(error_not_authorised_to_modify => 1); + } } else { AddBudget( $budget_hash ); + ModBudgetUsers($budget_hash->{budget_id}, @budgetusersid); } } my $branches = GetBranches(); @@ -230,8 +269,10 @@ if ($op eq 'add_form') { %$period, ); - my $moo = GetBudgetHierarchy($$period{budget_period_id}, C4::Context->userenv->{branchcode}, $show_mine?$borrower_id:''); - my @budgets = @$moo; #FIXME + my @budgets = @{ + GetBudgetHierarchy($$period{budget_period_id}, + C4::Context->userenv->{branchcode}, $show_mine ? $borrower_id : '') + }; my $toggle = 0; my @loop; 
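Review bot: The `delete_confirmed` branch in admin/aqbudgets.pl still calls `DelBudget($budget_id)` with no per-budget check, while the modify branch beside it is now gated by CanUserModifyBudget. A user who may not edit a restricted budget can presumably still delete it unless a check exists outside this hunk. Guard it the same way: `if (CanUserModifyBudget($borrowernumber, $budget_id, $staffflags)) { DelBudget($budget_id) } else { $template->param(error_not_authorised_to_modify => 1) }`. Separately, in the add branch `ModBudgetUsers($budget_hash->{budget_id}, @budgetusersid)` runs only when `budget_id` is undefined, and ModBudgetUsers returns early on a false id, so the users chosen for a new budget are never stored. Pass the id of the created budget instead, assuming AddBudget returns it, which is not visible here.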
@@ -245,31 +286,9 @@ if ($op eq 'add_form') { $budget->{'total_levels_spent'} = GetChildBudgetsSpent($budget->{"budget_id"}); # PERMISSIONS - unless($staffflags->{'superlibrarian'} % 2 == 1 ) { - #IF NO PERMS, THEN DISABLE EDIT/DELETE - unless ( $template->{VARS}->{'CAN_user_acquisition_budget_modify'} ) { - $budget->{'budget_lock'} = 1; - } - # check budget permission - if ( $$period{budget_period_locked} == 1 ) { - $budget->{'budget_lock'} = 1; - - } elsif ( $budget->{budget_permission} == 1 ) { - - if ( $borrower_id != $budget->{'budget_owner_id'} ) { - $budget->{'budget_lock'} = 1; - } - # check parent perms too - my $parents_perm = 0; - if ( $budget->{depth} > 0 ) { - $parents_perm = CheckBudgetParentPerm( $budget, $borrower_id ); - delete $budget->{'budget_lock'} if $parents_perm == '1'; - } - } elsif ( $budget->{budget_permission} == 2 ) { - - $budget->{'budget_lock'} = 1 if $user_branchcode ne $budget->{budget_branchcode}; - } - } # ...SUPER_LIB END + unless(CanUserModifyBudget($borrowernumber, $budget, $staffflags)) { + $budget->{'budget_lock'} = 1; + } # if a budget search doesnt match, next if ($filter_budgetname) { @@ -288,7 +307,9 @@ if ($op eq 'add_form') { $budget->{'budget_remaining'} = $budget->{'budget_amount'} - $budget->{'total_levels_spent'}; # if amount == 0 dont display... - delete $budget->{'budget_unalloc_sublevel'} if $budget->{'budget_unalloc_sublevel'} == 0 ; + delete $budget->{'budget_unalloc_sublevel'} + if (!defined $budget->{'budget_unalloc_sublevel'} + or $budget->{'budget_unalloc_sublevel'} == 0); $budget->{'remaining_pos'} = 1 if $budget->{'budget_remaining'} > 0; $budget->{'remaining_neg'} = 1 if $budget->{'budget_remaining'} < 0; 
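Review bot: The removed block set `budget_lock` for every budget when `$$period{budget_period_locked} == 1`, but the replacement relies on CanUserModifyBudget alone. As added to C4/Budgets.pm in this patch, that function never looks at the period, so budgets in a locked period are no longer shown as locked. If the period lock is meant to survive, keep it next to the new check: `$budget->{'budget_lock'} = 1 if $$period{budget_period_locked};`. The old code exempted superlibrarians from that lock, so state explicitly whether the exemption stays.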
@@ -312,7 +333,7 @@ if ($op eq 'add_form') { push @budget_hierarchy, { element_name => $parent->{"budget_name"}, element_id => $parent->{"budget_id"} }; $parent_id = $parent->{"budget_parent_id"}; } - push @budget_hierarchy, { element_name => $period->{"budget_period_description"} }; + push @budget_hierarchy, { element_name => $period->{"budget_period_description"} }; @budget_hierarchy = reverse(@budget_hierarchy); push( @loop, { %{$budget}, diff --git a/admin/aqplan.pl b/admin/aqplan.pl index ffb1145606..9cc8c5990d 100755 --- a/admin/aqplan.pl +++ b/admin/aqplan.pl @@ -354,6 +354,10 @@ my ( @budget_lines, %cell_hash ); foreach my $budget (@budgets) { my $budget_lock; + unless (CanUserUseBudget($borrowernumber, $budget, $staff_flags)) { + $budget_lock = 1 + } + # check budget permission if ( $period->{budget_period_locked} == 1 ) { $budget_lock = 1; diff --git a/installer/data/mysql/de-DE/mandatory/userpermissions.sql b/installer/data/mysql/de-DE/mandatory/userpermissions.sql index 54fd531a5d..a4bda594b6 100644 --- a/installer/data/mysql/de-DE/mandatory/userpermissions.sql +++ b/installer/data/mysql/de-DE/mandatory/userpermissions.sql @@ -16,6 +16,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Bestellgruppen vewalten'), (11, 'order_receive', 'Lieferungen verwalten'), (11, 'budget_add_del', 'Konten hinzufügen/ändern, aber bestehende nicht ändern'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Nachrichten für OPAC und Dienstoberfläche verfassen'), (13, 'label_creator', 'Etiketten und Barcodes aus Katalog- und Benutzerdaten erstellen'), (13, 'edit_calendar', 'Schließtage eintragen'), diff --git a/installer/data/mysql/en/mandatory/userpermissions.sql b/installer/data/mysql/en/mandatory/userpermissions.sql index 70f89e2d67..72cc70f23e 100644 --- a/installer/data/mysql/en/mandatory/userpermissions.sql +++ b/installer/data/mysql/en/mandatory/userpermissions.sql 
@@ -16,6 +16,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Manage orders & basketgroups'), (11, 'order_receive', 'Manage orders & basket'), (11, 'budget_add_del', 'Add and delete budgets (but cant modify budgets)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Write news for the OPAC and staff interfaces'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), (13, 'edit_calendar', 'Define days when the library is closed'), diff --git a/installer/data/mysql/es-ES/mandatory/userpermissions.sql b/installer/data/mysql/es-ES/mandatory/userpermissions.sql index 70f89e2d67..72cc70f23e 100644 --- a/installer/data/mysql/es-ES/mandatory/userpermissions.sql +++ b/installer/data/mysql/es-ES/mandatory/userpermissions.sql @@ -16,6 +16,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Manage orders & basketgroups'), (11, 'order_receive', 'Manage orders & basket'), (11, 'budget_add_del', 'Add and delete budgets (but cant modify budgets)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Write news for the OPAC and staff interfaces'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), (13, 'edit_calendar', 'Define days when the library is closed'), diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql index d6362e8e2f..c96e9c6376 100644 --- a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql +++ b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql 
@@ -33,6 +33,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Gérer les commandes et les bons de commande'), (11, 'order_receive', 'Gérer les réceptions'), (11, 'budget_add_del', 'Ajouter et supprimer les budgets (mais pas modifier)'), + (11, 'budget_manage_all', 'Gérer tous les budgets'), (13, 'manage_csv_profiles', 'Gérer les profils d''export CSV'), (13, 'moderate_tags', 'Modérer les tags des adhérents'), (13, 'rotating_collections', 'Gérer les collections tournantes'), diff --git a/installer/data/mysql/it-IT/necessari/userpermissions.sql b/installer/data/mysql/it-IT/necessari/userpermissions.sql index 03dd32c31d..8be056c3f0 100644 --- a/installer/data/mysql/it-IT/necessari/userpermissions.sql +++ b/installer/data/mysql/it-IT/necessari/userpermissions.sql @@ -18,6 +18,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Gestisci ordini e raccoglitori raggruppati'), (11, 'order_receive', 'Gestisci arrivi'), (11, 'budget_add_del', 'Aggiungi e cancella budgets (senza modificarli)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Scrivi le news per l\'OPAC e per l\'interfaccia staff'), (13, 'label_creator', 'Crea etichette da stampare e barcodes dal catalogo e dai dati degli utenti'), (13, 'edit_calendar', 'Definisci i giorni di chiusura della biblioteca'), diff --git a/installer/data/mysql/kohastructure.sql b/installer/data/mysql/kohastructure.sql index 54498c3573..e1105a5977 100644 --- a/installer/data/mysql/kohastructure.sql +++ b/installer/data/mysql/kohastructure.sql 
@@ -2642,6 +2642,22 @@ CREATE TABLE `aqbudgets` ( PRIMARY KEY (`budget_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- +-- Table structure for table aqbudgetborrowers +-- + +DROP TABLE IF EXISTS aqbudgetborrowers; +CREATE TABLE aqbudgetborrowers ( + budget_id int(11) NOT NULL, + borrowernumber int(11) NOT NULL, + PRIMARY KEY (budget_id, borrowernumber), + CONSTRAINT aqbudgetborrowers_ibfk_1 FOREIGN KEY (budget_id) + REFERENCES aqbudgets (budget_id) + ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT aqbudgetborrowers_ibfk_2 FOREIGN KEY (borrowernumber) + REFERENCES borrowers (borrowernumber) + ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; -- -- Table structure for table `aqbudgetperiods` diff --git a/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql b/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql index fd3989d909..3ef9666f53 100644 --- a/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql +++ b/installer/data/mysql/nb-NO/1-Obligatorisk/userpermissions.sql @@ -37,6 +37,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Administrere bestillinger og kurv-grupper'), (11, 'order_receive', 'Administrere bestillinger og kurver'), (11, 'budget_add_del', 'Legge til og slette budsjetter (men ikke endre budsjetter)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Legge ut nyhter i OPACen og det interne grensesnittet'), (13, 'label_creator', 'Lage etiketter og strekkoder basert pÃ¥ bibliografiske poster og lÃ¥nerdata'), (13, 'edit_calendar', 'Definere dager da biblioteket er stengt'), diff --git a/installer/data/mysql/pl-PL/mandatory/userpermissions.sql b/installer/data/mysql/pl-PL/mandatory/userpermissions.sql index a9629c53c7..4cd583ec79 100644 --- a/installer/data/mysql/pl-PL/mandatory/userpermissions.sql +++ b/installer/data/mysql/pl-PL/mandatory/userpermissions.sql 
@@ -16,6 +16,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Manage orders & basketgroups'), (11, 'order_receive', 'Manage orders & basket'), (11, 'budget_add_del', 'Add and delete budgets (but cant modify budgets)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'RTworzeniei publikowanie wiadomości w interfejsie bibliotekarza i OPAC'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), (13, 'edit_calendar', 'Define days when the library is closed'), diff --git a/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql b/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql index 07b154501d..f77ca01d94 100644 --- a/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql +++ b/installer/data/mysql/ru-RU/mandatory/permissions_and_user_flags.sql @@ -40,6 +40,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Manage orders & basketgroups'), (11, 'order_receive', 'Manage orders & basket'), (11, 'budget_add_del', 'Add and delete budgets (but cant modify budgets)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Написание новостей для электронного каталога и интерфейса библиотекарей'), (13, 'label_creator', 'Создание печатных наклеек и штрихкодов из каталога и с данными о пользователях'), (13, 'edit_calendar', 'Определение дней, когда библиотека закрыта'), diff --git a/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql b/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql index 40034cf667..5e8b6f0c46 100644 --- a/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql +++ b/installer/data/mysql/uk-UA/mandatory/permissions_and_user_flags.sql 
@@ -40,6 +40,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'group_manage', 'Manage orders & basketgroups'), (11, 'order_receive', 'Manage orders & basket'), (11, 'budget_add_del', 'Add and delete budgets (but cant modify budgets)'), + (11, 'budget_manage_all', 'Manage all budgets'), (13, 'edit_news', 'Написання новин для електронного каталогу та інтерфейсу бібліотекарів'), (13, 'label_creator', 'Створення друкованих наклейок і штрих-кодів з каталогу та з даними про користувачів'), (13, 'edit_calendar', 'Визначення днів, коли бібліотека закрита'), diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl index d06a1883a9..a0fafb59d5 100755 --- a/installer/data/mysql/updatedatabase.pl +++ b/installer/data/mysql/updatedatabase.pl @@ -5392,6 +5392,30 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) { SetVersion ($DBversion); } +$DBversion = "XXX"; +if (C4::Context->preference("Version") < TransformToNum($DBversion)) { + $dbh->do("DROP TABLE IF EXISTS aqbudgetborrowers"); + $dbh->do(" + CREATE TABLE aqbudgetborrowers ( + budget_id int(11) NOT NULL, + borrowernumber int(11) NOT NULL, + PRIMARY KEY (budget_id, borrowernumber), + CONSTRAINT aqbudgetborrowers_ibfk_1 FOREIGN KEY (budget_id) + REFERENCES aqbudgets (budget_id) + ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT aqbudgetborrowers_ibfk_2 FOREIGN KEY (borrowernumber) + REFERENCES borrowers (borrowernumber) + ON DELETE CASCADE ON UPDATE CASCADE + ) ENGINE=InnoDB DEFAULT CHARSET=utf8; + "); + $dbh->do(" + INSERT INTO permissions (module_bit, code, description) + VALUES (11, 'budget_manage_all', 'Manage all budgets') + "); + print "Upgrade to $DBversion done (Add aqbudgetborrowers table)\n"; + SetVersion($DBversion); +} + =head1 FUNCTIONS =head2 TableExists($table) diff --git a/koha-tmpl/intranet-tmpl/prog/en/js/acq.js b/koha-tmpl/intranet-tmpl/prog/en/js/acq.js index 70e988ed41..2efeba0e92 100644 
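Review bot: The upgrade step in updatedatabase.pl starts with `DROP TABLE IF EXISTS aqbudgetborrowers`, which is harmless on a first run but deletes every budget-user assignment if the step is ever applied to a database that already has the table, for instance on a re-run after a partial failure. Prefer `CREATE TABLE IF NOT EXISTS aqbudgetborrowers (...)` and remove the DROP. The plain `INSERT INTO permissions` would likewise fail or duplicate on a second run, depending on that table's keys, which are not visible here. `$DBversion = "XXX"` is a placeholder that must be replaced with a real version before this is merged.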
--- a/koha-tmpl/intranet-tmpl/prog/en/js/acq.js +++ b/koha-tmpl/intranet-tmpl/prog/en/js/acq.js @@ -531,14 +531,7 @@ function log(message) { logLine.appendChild(log.window_.document.createTextNode(message)); log.window_.document.body.appendChild(logLine); } -//======================================================================= - - - function ownerPopup(f) { - window.open("/cgi-bin/koha/admin/aqbudget_owner_search.pl?op=budget",'PatronPopup','width=740,height=450,location=yes,toolbar=no,scrollbars=yes,resize=yes'); - } - // //======================================================================= function getElementsByClass( searchClass, domNode, tagName) { if (domNode == null) domNode = document; diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_owner_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_owner_search.tt deleted file mode 100644 index 79ebcd87b2..0000000000 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_owner_search.tt +++ /dev/null @@ -1,77 +0,0 @@ -[% INCLUDE 'doc-head-open.inc' %] -Koha › Budget owner search -[% INCLUDE 'doc-head-close.inc' %] - - - - - - - -
-
-
- - -

Search for budget owner

-
-
- - - - - -
-
Only staff with superlibrarian or acquisitions permissions are returned in the search results
- -
- - -[% IF ( results ) %] -

Searched for [% member %], [% numresults %] patron(s) found:

- - - - - - - - - - [% FOREACH resultsloo IN resultsloop %] - [% IF ( resultsloo.toggle ) %][% ELSE %][% END %] - - - - - - - [% END %] -
CardnumberNameLibraryCategorycodeSelect?
[% resultsloo.cardnumber %][% resultsloo.surname %], [% resultsloo.firstname %][% resultsloo.branchcode %][% resultsloo.categorycode %] - -
-[% END %] - - -
-
-[% INCLUDE 'intranet-bottom.inc' %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_user_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_user_search.tt new file mode 100644 index 0000000000..316a00ab38 --- /dev/null +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudget_user_search.tt @@ -0,0 +1,111 @@ +[% INCLUDE 'doc-head-open.inc' %] +Koha › Budget + [% IF (type == 'owner') %] + owner + [% ELSE %] + user + [% END %] + search + +[% INCLUDE 'doc-head-close.inc' %] + + + + + + +
+
+
+ +

Search for budget + [% IF (type == 'owner') %] + owner + [% ELSE %] + user + [% END %] +

+
+
+ + + + +
+ +
+ Only staff with superlibrarian or acquisitions permissions are returned + in the search results. +
+
+ + +[% IF ( results ) %] +

Searched for [% member %], + [% resultsloop.size || 0 %] patron(s) found:

+ + + + + + + + + + + + + + [% FOREACH result IN resultsloop %] + + + + + + + + [% END %] + +
CardnumberNameLibraryCategorycodeSelect?
[% result.cardnumber %][% result.surname %], [% result.firstname %][% result.branchcode %][% result.categorycode %] + Select +
+[% END %] + +
+ Close +
+
+
+[% INCLUDE 'intranet-bottom.inc' %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudgets.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudgets.tt index bf778c7907..ba308b6c3f 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudgets.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/aqbudgets.tt @@ -6,12 +6,66 @@ [% IF ( add_form ) %]
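Review bot: `[% member %]` in the "Searched for" line of aqbudget_user_search.tt is the search string that aqbudget_user_search.pl takes from the request (only commas and `*` are rewritten there), and it is printed without a filter. Template Toolkit does not escape by default, so this reflects request input into the page. Use `[% member | html %]`, and apply the same filter to `result.surname`, `result.firstname` and the other `result.*` fields in the table rows. The markup of this file is stripped in this view, so any place where these values land inside an attribute or a script call needs the matching attribute or JavaScript escaping as well; that cannot be checked from here.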