Bug 14686: Add Upload to Tools menu

This patch makes sure that the added granular permissions work as
advertised.

Note: The field owner was not included in the Koha::Upload->get response.
The code to verify if a user is allowed to delete an upload, is concentrated
in the template now. When get returns a Koha::Object, this check could be
relocated.

Test plan:
[1] Verify that the current user has permission for tools, or has
    at least upload_general_files.
[2] Do you see Upload in the Tools menu? Follow the link.
[3] Upload a permanent file (with a category).
[4] Do you see the Delete button in the results form?
[5] Make sure that another user has no permission to upload.
[6] Login as that user and check the Tools menu.
    Try the URL [yourserver]/cgi-bin/koha/tools/upload.pl
    You should have no access to the upload form.
[7] Enable upload_general_files for this user. Go to upload and search for
    the upload from step 3. You should not see a Delete button.
[8] Enable upload_manage for this user. Search for the upload again.
    Delete the upload.
[9] Go to upload via the Cataloguing editor (856$u plugin) or add
    parameter "plugin=1" to the URL. You should not see the Tools menu.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>

diff --git a/Koha/Upload.pm b/Koha/Upload.pm
index 9da2637..5cd1c62 100644 (file)
--- a/Koha/Upload.pm
+++ b/Koha/Upload.pm
@@ -170,7 +170,7 @@ sub get {
     my ( @rv, $res);
     foreach my $r ( @$temp ) {
         undef $res;
-        foreach( qw[id hashvalue filesize uploadcategorycode public permanent] ) {
+        foreach( qw[id hashvalue filesize uploadcategorycode public permanent owner] ) {
             $res->{$_} = $r->{$_};
         }
         $res->{name} = $r->{filename};
@@ -366,7 +366,7 @@ sub _lookup {
     my ( $self, $params ) = @_;
     my $dbh = C4::Context->dbh;
     my $sql = q|
-SELECT id,hashvalue,filename,dir,filesize,uploadcategorycode,public,permanent
+SELECT id,hashvalue,filename,dir,filesize,uploadcategorycode,public,permanent,owner
 FROM uploaded_files
     |;
     my @pars;

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
index 4ef2a8e..25de0b1 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
@@ -117,4 +117,7 @@
     [% IF ( CAN_user_tools_edit_quotes ) %]
        <li><a href="/cgi-bin/koha/tools/quotes.pl">Quote editor</a></li>
     [% END %]
+    [% IF ( CAN_user_tools_upload_general_files ) %]
+       <li><a href="/cgi-bin/koha/tools/upload.pl">Upload any file</a></li>
+    [% END %]
 </ul></div></div>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
index 514900a..220c2bf 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
@@ -109,6 +109,11 @@
     <dd>Manage EDIfact transmissions</dd>
     [% END %]
 
+    [% IF ( CAN_user_tools_upload_general_files ) %]
+    <dt><a href="/cgi-bin/koha/tools/upload.pl">Upload</a></dt>
+    <dd>Upload any type of file, manage uploads</dd>
+    [% END %]
+
 </dl>
 </div>
 <div class="yui-u">

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/upload.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/upload.tt
index 6e20a8f..686b508 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/upload.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/upload.tt
@@ -182,7 +182,9 @@
                 <a href="" onclick="Choose('[% record.hashvalue %]'); return false;">Choose</a>&nbsp;
             [% END %]
             <a href="" onclick="SubmitMe( 'download', [% record.id %] ); return false;">Download</a>&nbsp;
-            <a href="" onclick="DeleteEntry( [% record.id %] ); return false;">Delete</a>
+            [% IF record.owner == owner || CAN_user_tools_upload_manage %]
+                <a href="" onclick="DeleteEntry( [% record.id %] ); return false;">Delete</a>
+            [% END %]
         </td>
    </tr>
    [% END %]
@@ -334,7 +336,6 @@ $(document).ready(function() {
     <div class="yui-b">
 
 <h1>Upload</h1>
-
 <div class="dialog alert" id="myalerts" style="display:none;"></div>
 
 [% PROCESS submitter %]
@@ -356,6 +357,12 @@ $(document).ready(function() {
 
 </div>
 </div>
-</div>
 
+[% IF !plugin %]
+    <div class="yui-b noprint">
+        [% INCLUDE 'tools-menu.inc' %]
+    </div>
+[% END %]
+
+</div>
 [% INCLUDE 'intranet-bottom.inc' %]

diff --git a/tools/upload.pl b/tools/upload.pl
index 5d9c8e7..45b8d1c 100755 (executable)
--- a/tools/upload.pl
+++ b/tools/upload.pl
@@ -38,13 +38,14 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { editcatalogue => '*' },
+        flagsrequired   => { tools => 'upload_general_files' },
     }
 );
 
 $template->param(
-    plugin => $plugin,
-    index  => $index,
+    index      => $index,
+    owner      => $loggedinuser,
+    plugin     => $plugin,
 );
 
 my $upar = $plugin ? { public => 1 } : {};
@@ -54,6 +55,7 @@ if ( $op eq 'new' ) {
         uploadcategories => Koha::Upload->getCategories,
     );
     output_html_with_http_headers $input, $cookie, $template->output;
+
 } elsif ( $op eq 'search' ) {
     my $h = $id ? { id => $id } : { term => $term };
     my @uploads = Koha::Upload->new($upar)->get($h);
@@ -63,8 +65,8 @@ if ( $op eq 'new' ) {
         uploads => \@uploads,
     );
     output_html_with_http_headers $input, $cookie, $template->output;
-} elsif ( $op eq 'delete' ) {
 
+} elsif ( $op eq 'delete' ) {
     # delete only takes the id parameter
     my $upl = Koha::Upload->new($upar);
     my ($fn) = $upl->delete( { id => $id } );
@@ -79,6 +81,7 @@ if ( $op eq 'new' ) {
         uploadcategories => $upl->getCategories,
     );
     output_html_with_http_headers $input, $cookie, $template->output;
+
 } elsif ( $op eq 'download' ) {
     my $upl = Koha::Upload->new($upar);
     my $rec = $upl->get( { id => $id, filehandle => 1 } );