use Koha::Patrons;
use Koha::Database;
use Koha::DateUtils qw( dt_from_string );
-use Koha::Exceptions;
+use Koha::Exceptions::Virtualshelf;
use Koha::Virtualshelfshare;
use Koha::Virtualshelfshares;
use Koha::Virtualshelfcontent;
my ( $self ) = @_;
unless ( $self->owner ) {
- Koha::Exceptions::Virtualshelves::UseDbAdminAccount->throw;
+ Koha::Exceptions::Virtualshelf::UseDbAdminAccount->throw;
}
unless ( $self->is_shelfname_valid ) {
- Koha::Exceptions::Virtualshelves::DuplicateObject->throw;
+ Koha::Exceptions::Virtualshelf::DuplicateObject->throw;
}
$self->allow_change_from_owner( 1 )
unless defined $self->allow_change_from_owner;
$self->allow_change_from_others( 0 )
unless defined $self->allow_change_from_others;
+ $self->allow_change_from_staff( 0 )
+ unless defined $self->allow_change_from_staff;
$self->created_on( dt_from_string )
unless defined $self->created_on;
sub share {
my ( $self, $key ) = @_;
unless ( $key ) {
- Koha::Exceptions::Virtualshelves::InvalidKeyOnSharing->throw;
+ Koha::Exceptions::Virtualshelf::InvalidKeyOnSharing->throw;
}
Koha::Virtualshelfshare->new(
{
return if $already_exists;
# Check permissions
- return unless ( $self->owner == $borrowernumber && $self->allow_change_from_owner ) || $self->allow_change_from_others;
+ my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
+ return 0 unless ( $self->owner == $borrowernumber && $self->allow_change_from_owner ) || ( $self->allow_change_from_staff && $patron->can_patron_change_staff_only_lists ) || $self->allow_change_from_others;
my $content = Koha::Virtualshelfcontent->new(
{
return unless @$biblionumbers;
my $number_removed = 0;
+ my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
if( ( $self->owner == $borrowernumber && $self->allow_change_from_owner )
+ || ( $self->allow_change_from_staff && $patron->can_patron_change_staff_only_lists )
|| $self->allow_change_from_others ) {
$number_removed += $self->get_contents->search({
biblionumber => $biblionumbers,
return 0 unless $borrowernumber;
return 1 if $self->owner == $borrowernumber;
- my $patron = Koha::Patrons->find( $borrowernumber );
+ my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
- return 1 if $self->is_public and C4::Auth::haspermission( $patron->userid, { lists => 'delete_public_lists' } );
+ return 1 if $self->is_public and haspermission( $patron->userid, { lists => 'delete_public_lists' } );
return 0;
}
my ( $self, $borrowernumber ) = @_;
return 1
if $borrowernumber and $self->owner == $borrowernumber;
+
+ my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
+ return 1
+ if $self->is_public and haspermission( $patron->userid, { lists => 'edit_public_lists' } );
return 0;
}
sub can_biblios_be_added {
my ( $self, $borrowernumber ) = @_;
+ my $patron = Koha::Patrons->find( $borrowernumber ) or return 0;
return 1
if $borrowernumber
- and ( ( $self->owner == $borrowernumber && $self->allow_change_from_owner ) or $self->allow_change_from_others );
+ and ( ( $self->owner == $borrowernumber && $self->allow_change_from_owner ) or ( $self->allow_change_from_staff && $patron->can_patron_change_staff_only_lists ) or $self->allow_change_from_others );
return 0;
}
# Same answer since bug 18228
}
+=head3 cannot_be_transferred
+
+ $shelf->cannot_be_transferred({
+ by => $p1, to => $p2, interface => opac|intranet|undef,
+ # p1 and p2 are borrowernumbers
+ });
+
+ This routine has two main goals:
+ [1] Decide if patron may transfer a shared list to another
+ sharee (patron).
+ [2] Decide if staff member may transfer a public list.
+
+ If you pass interface, we'll check if it supports transfer too.
+ NOTE: The explicit passing is still more reliable than via context,
+ since we could switch interface after login in the same session.
+
+ Returns a true value (read: error_code) when not allowed.
+ The following error codes are possible:
+ unauthorized_transfer, missing_by_parameter, new_owner_not_found,
+ new_owner_has_no_share, missing_to_parameter.
+ Otherwise returns false (zero).
+
+=cut
+
+sub cannot_be_transferred {
+ my ( $self, $params ) = @_;
+ my $to = $params->{to};
+ my $by = $params->{by};
+ my $interface = $params->{interface};
+
+ # Check on interface: currently we don't support transfer shared on intranet, transfer public on OPAC
+ if( $interface ) {
+ return 'unauthorized_transfer'
+ if ( $self->public && $interface eq 'opac' ) or
+ ( $self->is_private && $interface eq 'intranet' );
+ # is_private call is enough here, get_shares tested below
+ }
+
+ my $shares = $self->public ? undef : $self->get_shares->search({ borrowernumber => { '!=' => undef } });
+ return 'unauthorized_transfer' if $self->is_private && !$shares->count;
+
+ if( $by ) {
+ if( $self->public ) {
+ my $by_patron = Koha::Patrons->find($by);
+ return 'unauthorized_transfer'
+ if !$by_patron || !haspermission( $by_patron->userid, { lists => 'edit_public_lists' });
+ } else {
+ return 'unauthorized_transfer' if !$self->can_be_managed($by);
+ }
+ } else {
+ return 'missing_by_parameter';
+ }
+
+ if( $to ) {
+ if( !Koha::Patrons->find($to) ) {
+ return 'new_owner_not_found';
+ }
+ if( !$self->public && !$shares->search({ borrowernumber => $to })->count ) {
+ return 'new_owner_has_no_share';
+ }
+ } else {
+ return 'missing_to_parameter';
+ }
+ return 0; # serving as green light
+}
+
=head2 Internal methods
=head3 _type
projects / koha-ffzg.git / blobdiff