}
}
- if (C4::Context->preference('GranularPermissions')) {
- if ( $flags ) {
- foreach my $module (keys %$all_perms) {
- if ( $flags->{$module} == 1) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- } elsif ( ref($flags->{$module}) ) {
- foreach my $subperm (keys %{ $flags->{$module} } ) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
- }
- }
- }
- }
- } else {
+ if ( $flags ) {
foreach my $module (keys %$all_perms) {
- foreach my $subperm (keys %{ $all_perms->{$module} }) {
- $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ if ( $flags->{$module} == 1) {
+ foreach my $subperm (keys %{ $all_perms->{$module} }) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
+ } elsif ( ref($flags->{$module}) ) {
+ foreach my $subperm (keys %{ $flags->{$module} } ) {
+ $template->param( "CAN_user_${module}_${subperm}" => 1 );
+ }
}
}
}
proceed. To make sure that access control is correct, the
C<$flagsrequired> parameter must be specified correctly.
-If the GranularPermissions system preference is ON, the
-value of each key in the C<flagsrequired> hash takes on an additional
-meaning, e.g.,
+Koha also has a concept of sub-permissions, also known as
+granular permissions. This makes the value of each key
+in the C<flagsrequired> hash take on an additional
+meaning, i.e.,
1
}
return $flags if $flags->{superlibrarian};
foreach my $module ( keys %$flagsrequired ) {
- if (C4::Context->preference('GranularPermissions')) {
- my $subperm = $flagsrequired->{$module};
- if ($subperm eq '*') {
- return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
- } else {
- return 0 unless ( $flags->{$module} == 1 or
- ( ref($flags->{$module}) and
- exists $flags->{$module}->{$subperm} and
- $flags->{$module}->{$subperm} == 1
- )
- );
- }
+ my $subperm = $flagsrequired->{$module};
+ if ($subperm eq '*') {
+ return 0 unless ( $flags->{$module} == 1 or ref($flags->{$module}) );
} else {
- return 0 unless ( $flags->{$module} );
+ return 0 unless ( $flags->{$module} == 1 or
+ ( ref($flags->{$module}) and
+ exists $flags->{$module}->{$subperm} and
+ $flags->{$module}->{$subperm} == 1
+ )
+ );
}
}
return $flags;
my $script_name = "/cgi-bin/koha/admin/authorised_values.pl";
my $dbh = C4::Context->dbh;
-# my $subpermission = C4::Context->preference('GranularPermissions') ?
-# { editcatalogue => ... } :
-# { parameters => 1 } ;
-
my ($template, $borrowernumber, $cookie)= get_template_and_user({
template_name => "admin/authorised_values.tmpl",
authnotrequired => 0,
- flagsrequired => {parameters => 1}, # soon $subpermission
+ flagsrequired => {parameters => 1},
query => $input,
type => "intranet",
debug => 1,
$tabsysprefs{SessionStorage} = "Admin";
$tabsysprefs{noItemTypeImages} = "Admin";
$tabsysprefs{OPACBaseURL} = "Admin";
-$tabsysprefs{GranularPermissions} = "Admin";
# Authorities
$tabsysprefs{authoritysep} = "Authorities";
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:ConfFile','','If empty, Koha OAI Server operates in normal mode, otherwise it operates in extended mode.',NULL,'File');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Use detailed staff user permissions',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Allow user to choose what list to pick up from when adding patrons');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','0','Use extended patron IDs and attributes',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:ConfFile','','If empty, Koha OAI Server operates in normal mode, otherwise it operates in extended mode.',NULL,'File');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Use detailed staff user permissions',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Allow user to choose what list to pick up from when adding patrons');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','0','Use extended patron IDs and attributes',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CircControl',"ItemHomeLibrary",'Précise la bibliothèque qui contrôle les règles de prêt et d''amende',"PickupLibrary|PatronLibrary|ItemHomeLibrary",'Choice');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Si activé, les adhérents peuvent placer des réservations sur un exemplaire spécifique. Sinon, il ne peuvent que réserver le prochain disponible.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Utiliser les permissions détaillées',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Slectionner categorycode ou category_type permet d''afficher la liste des catégories ou des types de catégories à l''ajout d''un lecteur');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','0','Utiliser les attributs étendus pour les adhérents',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('RenewSerialAddsSuggestion','0','Si activé, génère une suggestion d''achat à chaque Renouvellement d''abonnement',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:Subset','itemtype=\'BOOK\'','Restrict answer to matching raws of the biblioitems table EXPERIMENTAL',NULL,'Free');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Use detailed staff user permissions',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Allow user to choose what list to pick up from when adding patrons');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','0','Use extended patron IDs and attributes',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:Subset','itemtype=\'BOOK\'','Restrict answer to matching raws of the biblioitems table EXPERIMENTAL',NULL,'Free');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Use detailed staff user permissions',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Allow user to choose what list to pick up from when adding patrons');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','1','Use extended patron IDs and attributes',NULL,'YesNo');
UPDATE systempreferences SET explanation='Список загруженных структур в веб-инсталляторе' WHERE variable='FrameworksLoaded';
-- Frameworks loaded through webinstaller
-UPDATE systempreferences SET explanation='Использование подразделения привилегий для работников' WHERE variable='GranularPermissions';
--- Use detailed staff user permissions
UPDATE systempreferences SET explanation='Если включено, то повышает безопасность между библиотеками. Используется, когда библиотеки используют одну инсталляцию Коха.' WHERE variable='IndependantBranches';
-- If ON, increases security between libraries
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:Subset','itemtype=\'BOOK\'','Restrict answer to matching raws of the biblioitems table EXPERIMENTAL',NULL,'Free');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('GranularPermissions','0','Use detailed staff user permissions',NULL,'YesNo');
INSERT INTO `systempreferences` (variable, value,options,type, explanation) VALUES ('AddPatronLists','categorycode','categorycode|category_type','Choice','Allow user to choose what list to pick up from when adding patrons');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ExtendedPatronAttributes','1','Use extended patron IDs and attributes',NULL,'YesNo');
UPDATE systempreferences SET explanation='Перелік завантажених структур у веб-встановлювачі' WHERE variable='FrameworksLoaded';
-- Frameworks loaded through webinstaller
-UPDATE systempreferences SET explanation='Використання підрозділення привілеїв для працівників' WHERE variable='GranularPermissions';
--- Use detailed staff user permissions
-
UPDATE systempreferences SET explanation='Якщо ввімкнуто, то підвищує безпеку між бібліотеками. Використовується, коли бібліотеки використовують одну інсталяцію Коха.' WHERE variable='IndependantBranches';
-- If ON, increases security between libraries
}
+$DBversion = "3.01.00.138";
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+ $dbh->do("DELETE FROM systempreferences WHERE variable = 'GranularPermissions'");
+ print "Upgrade to $DBversion done (bug 4896: removing GranularPermissions syspref; use of granular permissions is now the default)";
+ SetVersion ($DBversion);
+}
=item DropAllForeignKeys($table)
Pg: in the PostgreSQL database (not supported).
tmp: as temporary files.
-
- - Control staff access to pages within Koha based on
- - pref: GranularPermissions
- default: 0
- choices:
- yes: the specific page.
- no: the general module (such as administration or circulation).
- -
- pref: IndependantBranches
default: 0
choices:
- of CAS when logging out of Koha.
-
- The CAS Authentication Server can be found at
- - pref: casServerUrl
\ No newline at end of file
+ - pref: casServerUrl
<span style="background-color: #ffe599">
TIP: If a staff member is set to 'superlibrarian' they have access to all functions and do not need any other permissions checked</span></li>
</ul></li>
- <li>To give staff members more granular permissions, you can turn on the GranularPermissions system preference
- <ul>
- <li><em>Get there:</em> More > Administration > General preferences > Admin > GranularPermissions</li>
- <li>If this setting is on the permissions menu will offer more granual permissions</li>
- <li>This allows staff members access to specific tools
- <ul>
- <li>
- <span style="background-color: #ffe599">
-TIP: If this preference is turned OFF after being ON, the system reverts to the original behavior, although the specific permissions are retained. This means if a staff member has been given granular permissions they will retain those even if this is turned OFF</span></li>
- </ul></li>
- </ul></li>
</ul>
<h3>What will each permission level do?</h3>
<li><strong>circulate</strong>
<ul>
<li>Ability for logged in user to check books out and back in</li>
- <li>With GranularPermissions on this section will be expanded to allow access to specific ciculation functions.
- <ul>
- <li><em>Get there:</em> More > Administration > Global System Preferences > Admin > GranularPermissions</li>
- </ul></li>
</ul></li>
<li><strong>catalog</strong>
<ul>
<li><strong>tools</strong>
<ul>
<li>Use tools (export, import, barcodes)</li>
- <li>With GranularPermissions on this section will be expanded to allow access only to specific tools
- <ul>
- <li><em>Get there:</em> More > Administration > Global System Preferences > Admin > GranularPermissions</li>
- </ul></li>
</ul></li>
<li><strong>editauthorities</strong>
<ul>
<ul>
<li>Provides the ability to modify login / permissions for staff users</li>
</ul></li>
- </ul><!-- TMPL_INCLUDE NAME="help-bottom.inc" -->
\ No newline at end of file
+ </ul><!-- TMPL_INCLUDE NAME="help-bottom.inc" -->
use strict;
sub kohaversion {
- our $VERSION = '3.01.00.137';
+ our $VERSION = '3.01.00.138';
# version needs to be set this way
# so that it can be picked up by Makefile.PL
# during install
$sth = $dbh->prepare("UPDATE borrowers SET flags=? WHERE borrowernumber=?");
$sth->execute($module_flags, $member);
- if (C4::Context->preference('GranularPermissions')) {
- # deal with subpermissions
- $sth = $dbh->prepare("DELETE FROM user_permissions WHERE borrowernumber = ?");
- $sth->execute($member);
- $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code)
- SELECT ?, bit, ?
- FROM userflags
- WHERE flag = ?");
- foreach my $module (keys %sub_perms) {
- next if exists $all_module_perms{$module};
- foreach my $sub_perm (@{ $sub_perms{$module} }) {
- $sth->execute($member, $sub_perm, $module);
- }
+ # deal with subpermissions
+ $sth = $dbh->prepare("DELETE FROM user_permissions WHERE borrowernumber = ?");
+ $sth->execute($member);
+ $sth = $dbh->prepare("INSERT INTO user_permissions (borrowernumber, module_bit, code)
+ SELECT ?, bit, ?
+ FROM userflags
+ WHERE flag = ?");
+ foreach my $module (keys %sub_perms) {
+ next if exists $all_module_perms{$module};
+ foreach my $sub_perm (@{ $sub_perms{$module} }) {
+ $sth->execute($member, $sub_perm, $module);
}
}
checked => $checked,
flagdesc => $flagdesc );
- if (C4::Context->preference('GranularPermissions')) {
- my @sub_perm_loop = ();
- my $expand_parent = 0;
- if ($checked) {
- if (exists $all_perms->{$flag}) {
- $expand_parent = 1;
- foreach my $sub_perm (sort keys %{ $all_perms->{$flag} }) {
- push @sub_perm_loop, {
- id => "${flag}_$sub_perm",
- perm => "$flag:$sub_perm",
- code => $sub_perm,
- description => $all_perms->{$flag}->{$sub_perm},
- checked => 1
- };
- }
+ my @sub_perm_loop = ();
+ my $expand_parent = 0;
+ if ($checked) {
+ if (exists $all_perms->{$flag}) {
+ $expand_parent = 1;
+ foreach my $sub_perm (sort keys %{ $all_perms->{$flag} }) {
+ push @sub_perm_loop, {
+ id => "${flag}_$sub_perm",
+ perm => "$flag:$sub_perm",
+ code => $sub_perm,
+ description => $all_perms->{$flag}->{$sub_perm},
+ checked => 1
+ };
}
- } else {
- if (exists $user_perms->{$flag}) {
- $expand_parent = 1;
- # put selected ones first
- foreach my $sub_perm (sort keys %{ $user_perms->{$flag} }) {
- push @sub_perm_loop, {
- id => "${flag}_$sub_perm",
- perm => "$flag:$sub_perm",
- code => $sub_perm,
- description => $all_perms->{$flag}->{$sub_perm},
- checked => 1
- };
- }
+ }
+ } else {
+ if (exists $user_perms->{$flag}) {
+ $expand_parent = 1;
+ # put selected ones first
+ foreach my $sub_perm (sort keys %{ $user_perms->{$flag} }) {
+ push @sub_perm_loop, {
+ id => "${flag}_$sub_perm",
+ perm => "$flag:$sub_perm",
+ code => $sub_perm,
+ description => $all_perms->{$flag}->{$sub_perm},
+ checked => 1
+ };
}
- # then ones not selected
- if (exists $all_perms->{$flag}) {
- foreach my $sub_perm (sort keys %{ $all_perms->{$flag} }) {
- push @sub_perm_loop, {
- id => "${flag}_$sub_perm",
- perm => "$flag:$sub_perm",
- code => $sub_perm,
- description => $all_perms->{$flag}->{$sub_perm},
- checked => 0
- } unless exists $user_perms->{$flag} and exists $user_perms->{$flag}->{$sub_perm};
- }
+ }
+ # then ones not selected
+ if (exists $all_perms->{$flag}) {
+ foreach my $sub_perm (sort keys %{ $all_perms->{$flag} }) {
+ push @sub_perm_loop, {
+ id => "${flag}_$sub_perm",
+ perm => "$flag:$sub_perm",
+ code => $sub_perm,
+ description => $all_perms->{$flag}->{$sub_perm},
+ checked => 0
+ } unless exists $user_perms->{$flag} and exists $user_perms->{$flag}->{$sub_perm};
}
}
- $row{expand} = $expand_parent;
- if ($#sub_perm_loop > -1) {
+ }
+ $row{expand} = $expand_parent;
+ if ($#sub_perm_loop > -1) {
$row{sub_perm_loop} = \@sub_perm_loop;
- }
}
push @loop, \%row;
}
Used to set several system preferences at once. Each preference you want to set
should be sent prefixed with pref. If you wanted to turn off the
-GranularPermissions syspref, for instance, you would POST the following:
+virtualshelves syspref, for instance, you would POST the following:
-pref_GranularPermissions=0
+pref_virtualshelves=0
=cut