Without this patch only catalogue permission was required
for managing suggestions. This patch adds a new permission
in the acquisition module to manage suggestions and updates
staff user permissions accordingly.
To test:
- Make sure there is a pending suggestion
- Create a few users with different permission sets:
  - User 1: only catalogue
  - User 2: any acquisition permission
  - User 3: cataloguing permission
- Check all of them can access: /cgi-bin/koha/suggestion/suggestion.pl
- Apply the patch
- Verify all of them now have the suggestions_manage permission
- Verify everything displays correctly on:
  - intranet start page
  - patron account in staff
  - acquisition start page
  - suggestion page (try to access by URL too)
- Remove suggestions_manage for a staff user
- Repeat tests above, access should be denied/links not visible
Bonus:
- Fixes the link on the acquisition start page for late orders
  to match the permissions of the page itself: order_receive
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
--- /dev/null
+INSERT INTO permissions (module_bit, code, description) VALUES (11, 'suggestions_manage', 'Manage purchase suggestions');
+
+INSERT INTO user_permissions (borrowernumber, module_bit, code)
+ SELECT borrowernumber, 11, 'suggestions_manage' FROM borrowers WHERE flags & (1 << 2);
+
+-- Bug 19911: Add new permission suggestions_manage and update staff users
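Review bot: Neither INSERT in this update is guarded against a second run: a plain INSERT INTO permissions and INSERT INTO user_permissions ... SELECT will either fail on a key or add duplicate rows if the update is applied again, so INSERT IGNORE would be safer for both. The literals 11 and (1 << 2) also deserve a comment naming the module and the flag they stand for (the commit message implies the latter is catalogue), since the grant decision for every existing staff account rests on that one bit test.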
(10, 'writeoff', 'Write off fines and fees'),
(10, 'remaining_permissions', 'Remaining permissions for managing fines and fees'),
(11, 'currencies_manage', 'Manage currencies and exchange rates'),
(10, 'writeoff', 'Write off fines and fees'),
(10, 'remaining_permissions', 'Remaining permissions for managing fines and fees'),
(11, 'currencies_manage', 'Manage currencies and exchange rates'),
+ (11, 'suggestions_manage', 'Manage purchase suggestions'),
(11, 'vendors_manage', 'Manage vendors'),
(11, 'contracts_manage', 'Manage contracts'),
(11, 'period_manage', 'Manage budgets'),
(11, 'vendors_manage', 'Manage vendors'),
(11, 'contracts_manage', 'Manage contracts'),
(11, 'period_manage', 'Manage budgets'),
<h5>Acquisitions</h5>
<ul>
<li><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions home</a></li>
<h5>Acquisitions</h5>
<ul>
<li><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions home</a></li>
- <li><a href="/cgi-bin/koha/acqui/lateorders.pl">Late orders</a></li>
- [% IF ( suggestion ) %]<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>[% END %]
- <li><a href="/cgi-bin/koha/acqui/invoices.pl">Invoices</a></li>
+ [% IF ( CAN_user_acquisition_order_receive ) %]<li><a href="/cgi-bin/koha/acqui/lateorders.pl">Late orders</a></li>[% END %]
+ [% IF ( suggestion && CAN_user_acquisition_suggestions_manage ) %]<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>[% END %]
+ <li><a href="/cgi-bin/koha/acqui/invoices.pl">Invoices</a></li>
[% IF CAN_user_acquisition_edi_manage %]
<li><a href="/cgi-bin/koha/acqui/edifactmsgs.pl">EDIFACT messages</a></li>
[% END %]
[% IF CAN_user_acquisition_edi_manage %]
<li><a href="/cgi-bin/koha/acqui/edifactmsgs.pl">EDIFACT messages</a></li>
[% END %]
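Review bot: The Invoices line is removed and re-added with no visible change to its content; if the difference is whitespace only, drop it from the patch so this hunk shows just the two permission changes. The new conditions on Late orders and Suggestions only hide links, so the review should confirm that each target script enforces the same sub-permission in its own flagsrequired (the commit message states this for order_receive, and the suggestion.pl change is in this patch).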
- [% IF CAN_user_borrowers_edit_borrowers %]
+ [% IF CAN_user_acquisition_suggestions_manage %]
[% IF ( suggestionsview ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/members/purchase-suggestions.pl?borrowernumber=[% patron.borrowernumber %]">Purchase suggestions</a></li>
[% END %]
[% IF CAN_user_borrowers_edit_borrowers && useDischarge %]
[% IF ( suggestionsview ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/members/purchase-suggestions.pl?borrowernumber=[% patron.borrowernumber %]">Purchase suggestions</a></li>
[% END %]
[% IF CAN_user_borrowers_edit_borrowers && useDischarge %]
[%- CASE 'fast_cataloging' -%]<span>Fast cataloging</span>
[%- CASE 'remaining_permissions' -%]<span>Remaining permissions for managing fines and fees</span>
[%- CASE 'writeoff' -%]<span>Write off fines and fees</span>
[%- CASE 'fast_cataloging' -%]<span>Fast cataloging</span>
[%- CASE 'remaining_permissions' -%]<span>Remaining permissions for managing fines and fees</span>
[%- CASE 'writeoff' -%]<span>Write off fines and fees</span>
- [%- CASE 'budget_add_del' -%]<span>Add and delete funds (but can't modify funds)</span>
- [%- CASE 'budget_manage' -%]<span>Manage funds</span>
- [%- CASE 'budget_manage_all' -%]<span>Manage all funds</span>
- [%- CASE 'budget_modify' -%]<span>Modify funds (can't create lines, but can modify existing ones)</span>
+ [%- CASE 'suggestions_manage' -%]<span>Manage purchase suggestions</span>
+ [%- CASE 'budget_add_del' -%]<span>Add and delete budgets (but can't modify budgets)</span>
+ [%- CASE 'budget_manage' -%]<span>Manage budgets</span>
+ [%- CASE 'budget_manage_all' -%]<span>Manage all budgets</span>
+ [%- CASE 'budget_modify' -%]<span>Modify budget (can't create lines, but can modify existing ones)</span>
[%- CASE 'contracts_manage' -%]<span>Manage contracts</span>
[%- CASE 'group_manage' -%]<span>Manage basket groups</span>
[%- CASE 'order_manage' -%]<span>Manage basket and order lines</span>
[%- CASE 'contracts_manage' -%]<span>Manage contracts</span>
[%- CASE 'group_manage' -%]<span>Manage basket groups</span>
[%- CASE 'order_manage' -%]<span>Manage basket and order lines</span>
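Review bot: The four budget_* CASE lines change "funds" to "budgets" in the displayed descriptions, which is unrelated to suggestions_manage and is not mentioned in the commit message. This looks like a rebase leftover that reverts existing wording; keep only the added 'suggestions_manage' CASE line and leave the budget_* descriptions as they were.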
- [% IF ( CAN_user_acquisition && pendingsuggestions ) %]
+ [% IF ( CAN_user_acquisition_suggestions_manage && pendingsuggestions ) %]
<div class="pending-info" id="suggestions_pending">
<a href="/cgi-bin/koha/suggestion/suggestion.pl#ASKED">Suggestions pending approval</a>:
<div class="pending-info" id="suggestions_pending">
<a href="/cgi-bin/koha/suggestion/suggestion.pl#ASKED">Suggestions pending approval</a>:
query => $input,
type => "intranet",
authnotrequired => 0,
query => $input,
type => "intranet",
authnotrequired => 0,
- flagsrequired => { borrowers => 'edit_borrowers' },
+ flagsrequired => { acquisition => 'suggestions_manage' },
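Review bot: This flagsrequired previously asked for borrowers => 'edit_borrowers', not catalogue, yet the update SQL grants suggestions_manage only to accounts matching flags & (1 << 2). Staff who reached this script through edit_borrowers without that flag bit will be denied after the upgrade, and the menu entry now gated by CAN_user_acquisition_suggestions_manage disappears for them as well. Either extend the migration to cover edit_borrowers holders or state in the commit message that this loss of access is intended.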
template_name => "suggestion/suggestion.tt",
query => $input,
type => "intranet",
template_name => "suggestion/suggestion.tt",
query => $input,
type => "intranet",
- flagsrequired => { catalogue => 1 },
+ flagsrequired => { acquisition => 'suggestions_manage' },