If a user only has the clubs and no permission from the tools section,
they can't access the patron clubs page by navigation. This patch
extends the permission checks for tools to include the clubs, that
live on the tools page, but have a top level permission.
To test:
- create a patron with only the catalogue and clubs permissions
- log in to the staff client as that patron
- navigate to a patron record, confirm you can see the Clubs tab in the patron account, can add patrons to and remove patrons from clubs
- confirm you don't have a link to the Tools module either on the Koha homepage or in the More menu
- enter the clubs URL manually (/cgi-bin/koha/clubs/clubs.pl), confirm you are allowed to open the page
- Apply patch
- The only changes should be:
- You can now see the Tools entry in the More navigation menu
- You can now see the Tools module link on the start page
- Both take you to the tools page, only visible tools is 'Patron clubs'
Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
[% IF ( CAN_user_suggestions_suggestions_manage ) %]
<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>
[% END %]
- [% IF ( CAN_user_tools ) %]
+ [% IF ( CAN_user_tools || CAN_user_clubs ) %]
<li><a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a></li>
[% END %]
[% IF ( Koha.Preference('EnablePointOfSale') && Koha.Preference('UseCashRegisters') && CAN_user_cash_management_takepayment ) %]
[% END %]
- [% IF ( CAN_user_tools ) %]
+ [% IF ( CAN_user_tools || CAN_user_clubs ) %]
<li>
<a class="icon_general icon_tools" href="/cgi-bin/koha/tools/tools-home.pl"><i class="fa fa-fw fa-wrench"></i>Tools</a>
</li>
template_name => "tools/tools-home.tt",
query => $query,
type => "intranet",
- flagsrequired => { tools => '*' },
+ flagsrequired => [ tools => '*', clubs => '*' ],
}
);
projects / koha-ffzg.git / commitdiff