Bug 13417: Allow staff members to manage public lists

Currently a public list can only be deleted by its owner.
This means lists can exist infinitely.
This will introduce a new permission for list. With this permission, a
staff member will be allow to delete any public lists.

Test plan:
1/ Add the manage_shelves permission to a patron.
2/ Login with this patron
3/ Go on the public list view
4/ You should be able to edit all public lists

Followed test plan. Works as expected.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

diff --git a/C4/VirtualShelves.pm b/C4/VirtualShelves.pm
index 0ae9361..f461d3c 100644 (file)
--- a/C4/VirtualShelves.pm
+++ b/C4/VirtualShelves.pm
@@ -21,8 +21,10 @@ use strict;
 use warnings;
 
 use Carp;
+use C4::Auth;
 use C4::Context;
 use C4::Debug;
+use C4::Members;
 
 use constant SHELVES_MASTHEAD_MAX => 10; #number under Lists button in masthead
 use constant SHELVES_COMBO_MAX => 10; #add to combo in search
@@ -461,6 +463,12 @@ sub ShelfPossibleAction {
 
     return 0 unless defined($shelfnumber);
 
+    if ( $user > 0 ) {
+        my $borrower = C4::Members::GetMember( borrowernumber => $user );
+        return 1
+            if C4::Auth::haspermission( $borrower->{userid}, { shelves => 'manage_shelves' } );
+    }
+
     my $dbh = C4::Context->dbh;
     my $query = qq/
         SELECT COALESCE(owner,0) AS owner, category, allow_add, allow_delete_own, allow_delete_other, COALESCE(sh.borrowernumber,0) AS borrowernumber

diff --git a/installer/data/mysql/en/mandatory/userflags.sql b/installer/data/mysql/en/mandatory/userflags.sql
index e727f9e..c027b1d 100644 (file)
--- a/installer/data/mysql/en/mandatory/userflags.sql
+++ b/installer/data/mysql/en/mandatory/userflags.sql
@@ -17,4 +17,6 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
 (16,'reports','Allow access to the reports module',0),
 (17,'staffaccess','Allow staff members to modify permissions for other staff members',0),
 (18,'coursereserves','Course reserves',0),
-(19, 'plugins', 'Koha plugins', '0');
+(19, 'plugins', 'Koha plugins', '0'),
+(20, 'shelves', 'Virtual shelves', 0)
+;

diff --git a/installer/data/mysql/en/mandatory/userpermissions.sql b/installer/data/mysql/en/mandatory/userpermissions.sql
index 65c4bb8..12768b7 100644 (file)
--- a/installer/data/mysql/en/mandatory/userpermissions.sql
+++ b/installer/data/mysql/en/mandatory/userpermissions.sql
@@ -71,5 +71,6 @@ INSERT INTO permissions (module_bit, code, description) VALUES
    (19, 'manage', 'Manage plugins ( install / uninstall )'),
    (19, 'tool', 'Use tool plugins'),
    (19, 'report', 'Use report plugins'),
-   (19, 'configure', 'Configure plugins')
+   (19, 'configure', 'Configure plugins'),
+   (20, 'manage_shelves', 'Manage shelves')
 ;

diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index dab1c62..b4d1953 100755 (executable)
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@@ -9759,6 +9759,20 @@ if ( CheckVersion($DBversion) ) {
     SetVersion ($DBversion);
 }
 
+$DBversion = "3.19.00.XXX";
+if ( CheckVersion($DBversion) ) {
+    $dbh->do(q|
+        INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
+        (20, 'shelves', 'Virtual shelves', 0)
+    |);
+    $dbh->do(q|
+        INSERT INTO permissions (module_bit, code, description) VALUES
+        (20, 'manage_shelves', 'Manage shelves')
+    |);
+    print "Upgrade to $DBversion done (Bug 13417: Add permission to manage shelves)\n";
+    SetVersion ($DBversion);
+}
+
 =head1 FUNCTIONS
 
 =head2 TableExists($table)