Bug 14686: Add two granular permission for upload under tools

[1] Upload_general_files
    This will allow you to access the tools/upload form via the Tools menu.
    And it will also allow you to add permanent uploads.

[2] Upload_manage
    It will allow you to delete uploads from other users.
    Note that anyone may delete his own uploads.
    It is not meant to include upload_general_files.

In order to not disturb existing users that now have edit_catalogue and are
using the plugin (read: added at least one record to uploaded_files), we
will add the first permission for them. New users will need to be authorized
in the usual way thereafter.

Note: If you only have one of the other permissions checked in allows_add_by,
e.g. stage_marc_import, you can add temporary uploads, but not permanent
uploads.

Test plan:
We are only testing the dbrev here, not if the perm works as advertised.
[1] Run the dbrev and check that you see the perms with a description on
    the Patron/Set permissions page.
[2] If you had records in uploaded_files and a user with edit_catalogue
    *only*, verify that this user now also has upload_general_files.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>

diff --git a/installer/data/mysql/atomicupdate/14686_permissions.sql b/installer/data/mysql/atomicupdate/14686_permissions.sql
new file mode 100644 (file)
index 0000000..24b4747
--- /dev/null
+++ b/installer/data/mysql/atomicupdate/14686_permissions.sql
@@ -0,0 +1,20 @@
+-- Insert permission
+INSERT IGNORE INTO permissions (module_bit, code, description) VALUES
+    (13, 'upload_general_files', 'Upload any file'),
+    (13, 'upload_manage', 'Manage uploaded files');
+
+-- Update user_permissions for current users (check count in uploaded_files)
+-- Note 9 == edit_catalogue and 13 == tools
+-- We do not insert if someone is superlibrarian, does not have edit_catalogue,
+-- or already has all tools
+INSERT IGNORE INTO user_permissions (borrowernumber, module_bit, code)
+    SELECT borrowernumber, 13, 'upload_general_files'
+    FROM borrowers bo
+    WHERE flags<>1 AND flags & POW(2,13) = 0 AND
+        ( flags & POW(2,9) > 0 OR (
+            SELECT COUNT(*) FROM user_permissions
+            WHERE borrowernumber=bo.borrowernumber AND module_bit=9 ) > 0 )
+        AND ( SELECT COUNT(*) FROM uploaded_files ) > 0
+
+# Copy-paste for RM use:
+#    print "Upgrade to $DBversion done (Bug 14686 - New menu option and permission for file uploading)\n";

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
index 4a262b9..68c6001 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
@@ -100,5 +100,7 @@
     [%- CASE 'report' -%]<span>Use report plugins</span>
     [%- CASE 'tool' -%]<span>Use tool plugins</span>
     [%- CASE 'delete_public_lists' -%]<span>Delete public lists</span>
+    [%- CASE 'upload_general_files' -%]<span>Upload any file</span>
+    [%- CASE 'upload_manage' -%]<span>Manage uploaded files (<i>Useless without upload_general_files</i>)</span>
     [%- END -%]
 [%- END -%]