From 7fb8f3638859b1e27c2954363b175030fadbee17 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 11 Dec 2019 16:37:46 +0100 Subject: [PATCH] Bug 24157: New permission - delete_invoices Add a new permission to delete invoices Test plan: - Remove the new permission "delete_invoices" for a given patron, use it to log in into Koha - Create an invoice, try to delete it => There is no way to delete it - Add the permission => Now you can delete the invoice Sponsored-by: Galway-Mayo Institute of Technology Signed-off-by: Owen Leonard Signed-off-by: Alex Arnaud Signed-off-by: Jonathan Druart --- acqui/invoice.pl | 4 ++++ installer/data/mysql/atomicupdate/bug_24157.perl | 7 ++++++- installer/data/mysql/userpermissions.sql | 1 + koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc | 5 +++++ koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt | 2 +- 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/acqui/invoice.pl b/acqui/invoice.pl index f784b3e4d0..a65b6d8939 100755 --- a/acqui/invoice.pl +++ b/acqui/invoice.pl @@ -110,6 +110,10 @@ elsif ( $op && $op eq 'mod' ) { $template->param( modified => 1 ); } elsif ( $op && $op eq 'delete' ) { + + output_and_exit( $input, $cookie, $template, 'insufficient_permission' ) + unless $logged_in_patron->has_permission( { acquisition => 'delete_invoices' } ); + DelInvoice($invoiceid); defined($invoice_files) && $invoice_files->DelAllFiles(); my $referer = $input->param('referer') || 'invoices.pl'; diff --git a/installer/data/mysql/atomicupdate/bug_24157.perl b/installer/data/mysql/atomicupdate/bug_24157.perl index f03c3a37de..031b7a0a39 100644 --- a/installer/data/mysql/atomicupdate/bug_24157.perl +++ b/installer/data/mysql/atomicupdate/bug_24157.perl @@ -11,6 +11,11 @@ if( CheckVersion( $DBversion ) ) { |); + $dbh->do(q| + INSERT IGNORE INTO permissions (module_bit, code, description) VALUES + (11, 'delete_invoices', 'Delete invoices') + |); + SetVersion( $DBversion ); - print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices)\n"; + print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices delete_invoices)\n"; } diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql index 201fb6c509..f9a6cda1ae 100644 --- a/installer/data/mysql/userpermissions.sql +++ b/installer/data/mysql/userpermissions.sql @@ -67,6 +67,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (11, 'edi_manage', 'Manage EDIFACT transmissions'), (11, 'reopen_closed_invoices', 'Reopen closed invoices'), (11, 'edit_invoices', 'Edit invoices'), + (11, 'delete_invoices', 'Delete invoices'), (12, 'suggestions_manage', 'Manage purchase suggestions'), (13, 'edit_news', 'Write news for the OPAC and staff interfaces'), (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 20d9d497f1..8ebde449a5 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -700,6 +700,11 @@ Edit invoices ([% name | html %]) + [%- CASE 'delete_invoices' -%] + + Delete invoices + + ([% name | html %]) [%# self_check %] [%- CASE 'self_checkin_module' -%] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt index 5c574dcc95..06d97452f2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt @@ -90,7 +90,7 @@ [% END %] [% END %] [% UNLESS invoice.receivedbiblios || invoice.receiveditems %] - [% IF CAN_user_acquisition_edit_invoices %] + [% IF CAN_user_acquisition_delete_invoices %]
  • Delete
  • [% END %] [% END %] -- 2.39.5