From bcab2416399e93f5ce9b1083395c052046d5d02a Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 14 Jul 2015 18:07:37 +0100 Subject: [PATCH] Bug 14354: Prevent edition of items from other branches if IndependentBranches is on MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If IdependentBranches is ON, to edit/delete items from other branches you need to be superlibrarian. Currently a "simple" staff user cannot edit them from the edit item page but from the catalogue detail page. The edit links should not be displayed on this table. Test plan: O/ Set IndependentBranches to "Prevent". Create a record and add 2 items: Set homebranch to L1 for item I1. Set homebranch to L2 for item I2. 1/ With a superlibrarian user, you should be able to edit both items. 2/ With a "simple" user attached to L1, you should only be able to edit I1. The edit links should not be displayed for I2. Note that the checkbox is displayed on the catalogue detail page (item list), but on the batch tools, it won't be possible to select non-modifiable items. TODO: Add a server-side check. Indeed it is still possible to edit an item if the user know the url. Followed test plan. Works as expected. Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi --- catalogue/detail.pl | 9 ++++++++- .../intranet-tmpl/prog/en/modules/catalogue/detail.tt | 7 +++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/catalogue/detail.pl b/catalogue/detail.pl index b7ba9a4266..2a6dddbab4 100755 --- a/catalogue/detail.pl +++ b/catalogue/detail.pl @@ -199,7 +199,6 @@ if ($currentbranch and C4::Context->preference('SeparateHoldings')) { my $separatebranch = C4::Context->preference('SeparateHoldingsBranch') || 'homebranch'; foreach my $item (@items) { my $itembranchcode = $item->{$separatebranch}; - $item->{homebranch} = GetBranchName($item->{homebranch}); # can place holds defaults to yes $norequests = 0 unless ( ( $item->{'notforloan'} > 0 ) || ( $item->{'itemnotforloan'} > 0 ) ); @@ -279,6 +278,14 @@ foreach my $item (@items) { $item->{'course_reserves'} = GetItemCourseReservesInfo( itemnumber => $item->{'itemnumber'} ); } + if ( C4::Context->preference('IndependentBranches') ) { + my $userenv = C4::Context->userenv(); + if ( not C4::Context->IsSuperLibrarian() + and $userenv->{branch} ne $item->{homebranch} ) { + $item->{cannot_be_edited} = 1; + } + } + if ($currentbranch and $currentbranch ne "NO_LIBRARY_SET" and C4::Context->preference('SeparateHoldings')) { if ($itembranchcode and $itembranchcode eq $currentbranch) { diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt index 41730f58cf..73a97a95dd 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt @@ -1,6 +1,7 @@ [% USE Koha %] [% USE KohaDates %] [% USE AuthorisedValues %] +[% USE Branches %] [% ShowCourseReserves = 0 %] [% IF UseCourseReserves %] @@ -624,7 +625,7 @@ function verify_images() { [% END %] [% UNLESS ( singlebranchmode ) %][% item.branchname %] [% END %] - [% item.homebranch %][% item.location %] + [% Branches.GetName(item.homebranch) %][% item.location %] [% IF ( itemdata_ccode ) %][% item.ccode %][% END %] [% IF ( item.itemcallnumber ) %] [% item.itemcallnumber %][% END %] @@ -806,8 +807,10 @@ function verify_images() { [% END %] [% END %] - [% IF ( CAN_user_editcatalogue_edit_items ) %] + [% IF CAN_user_editcatalogue_edit_items and not item.cannot_be_edited %] Edit + [% ELSE %] + [% END %] [% END %] -- 2.39.5