Bug 6072: fixing permission inconsistencies MT5306
authorPaul Poulain <paul.poulain@biblibre.com>
Wed, 6 Apr 2011 08:54:38 +0000 (10:54 +0200)
committerChris Cormack <chrisc@catalyst.net.nz>
Fri, 8 Apr 2011 01:10:12 +0000 (13:10 +1200)
In large libraries, some librarians may have permission only
to receive shipments. This patch fixes some permissions:
* booksellers page = accessible to anyone that has at least 1 acq permission
* parcels = accessible to anyone with order_receive
* supplier detail = accessible to anyone that has at least 1 acq permission,
  but modifying accessible only if vendors_manage

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
acqui/booksellers.pl
acqui/parcels.pl
acqui/supplier.pl
koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/booksellers.tmpl

index 88dbaa9..cc5c084 100755 (executable)
@@ -66,7 +66,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $query,
         type            => 'intranet',
         authnotrequired => 0,
-        flagsrequired   => { acquisition => 'vendors_manage' },
+        flagsrequired   => { acquisition => '*' },
         debug           => 1,
     }
 );
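Review bot: With `flagsrequired => { acquisition => '*' }` on this line, and the same change in the third hunk (`@@ -64,7 +64,7`, presumably acqui/supplier.pl going by the file list), the script-level gate no longer separates read access from vendor modification, and no per-operation check is added in the visible lines. The description says modifying should require vendors_manage, but the only enforcement this commit shows is the `TMPL_IF name="CAN_user_acquisition_vendors_manage"` wrapper around the Edit link, which hides the link without restricting a request for `supplier.pl` with `op=enter`. Unless code outside these hunks already re-checks, the `op` branch that edits a vendor should verify vendors_manage server-side before it runs; at minimum add a comment here such as `# '*' = any acquisition sub-permission; write paths must re-check vendors_manage`. The get_template_and_user call starts above the hunk, so the rest of each script is not visible.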
index 1e8d44e..915b1e8 100755 (executable)
@@ -91,7 +91,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => 'intranet',
         authnotrequired => 0,
-        flagsrequired   => { acquisition => 1 },
+        flagsrequired   => { acquisition => 'order_receive' },
         debug           => 1,
     }
 );
index 52d940c..2a4078a 100755 (executable)
@@ -64,7 +64,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $query,
         type            => 'intranet',
         authnotrequired => 0,
-        flagsrequired   => { acquisition => 'vendors_manage' },
+        flagsrequired   => { acquisition => '*' },
         debug           => 1,
     }
 );
index 9f7a8e5..a11417a 100644 (file)
         new YAHOO.widget.Button("editcontracts");
 
         var manageorders = [
-            { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&op=add_form"},
-            { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid=<!--TMPL_VAR Name="id"-->"},
-            { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->"},
+            <!-- TMPL_IF name="CAN_user_acquisition_order_manage" -->
+                { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&op=add_form"},
+                { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid=<!--TMPL_VAR Name="id"-->"},
+                { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->"},
+            <!-- /TMPL_IF -->
             { text: _("Receive shipments"), url: "/cgi-bin/koha/acqui/parcels.pl?supplierid=<!--TMPL_VAR Name="id"-->" },
             <!-- TMPL_IF name="basketno" -->
                 { text: _("Uncertain prices"), url: "/cgi-bin/koha/acqui/uncertainprice.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&basketno=<!--TMPL_VAR name="basketno" -->&owner=1"}
     </script>
     <ul id="toolbar-list" class="toolbar">
         <!-- TMPL_IF NAME="id" -->
-            <li><a id="editsupplier" href="/cgi-bin/koha/acqui/supplier.pl?supplierid=<!--TMPL_VAR Name="id"-->&amp;op=enter">Edit</a></li>
-            <li><a id="newcontract" href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&booksellerid=<!-- TMPL_VAR name="id" -->">New Contract</a></li>
-            <li><a id="editcontracts" href="/cgi-bin/koha/admin/aqcontract.pl?booksellerid=<!-- TMPL_VAR name="id" -->">Contracts</a></li>
-            <!-- TMPL_UNLESS NAME="basketcount" -->
-                <li><a id="newbasket" href="/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR name="id" -->&op=add_form">New Basket</a></li>
-            <!-- /TMPL_UNLESS -->
+            <!-- TMPL_IF name="CAN_user_acquisition_vendors_manage" -->
+                <li><a id="editsupplier" href="/cgi-bin/koha/acqui/supplier.pl?supplierid=<!--TMPL_VAR Name="id"-->&amp;op=enter">Edit</a></li>
+                <li><a id="newcontract" href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&booksellerid=<!-- TMPL_VAR name="id" -->">New Contract</a></li>
+                <li><a id="editcontracts" href="/cgi-bin/koha/admin/aqcontract.pl?booksellerid=<!-- TMPL_VAR name="id" -->">Contracts</a></li>
+                <!-- TMPL_UNLESS NAME="basketcount" -->
+                    <li><a id="newbasket" href="/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR name="id" -->&op=add_form">New Basket</a></li>
+                <!-- /TMPL_UNLESS -->
+            <!-- /TMPL_IF -->
         <!-- TMPL_ELSE -->
             <li><a id="newbudget" href="/cgi-bin/koha/acqui/supplier.pl?op=enter">New Vendor</a></li>
         <!-- /TMPL_IF -->
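Review bot: The toolbar's `newbasket` link ends up inside the `CAN_user_acquisition_vendors_manage` block, while the "New basket" entry in the `manageorders` menu above is gated on `CAN_user_acquisition_order_manage`, so two controls for the same action follow different permissions. A user with order_manage but not vendors_manage loses the toolbar button, and one with only vendors_manage still sees it. Consider closing the vendors_manage `TMPL_IF` after the Contracts link and wrapping the `TMPL_UNLESS NAME="basketcount"` block in `<!-- TMPL_IF name="CAN_user_acquisition_order_manage" -->` and `<!-- /TMPL_IF -->`. These conditionals only shape the UI; basketheader.pl needs its own flagsrequired check, which is not visible in this commit.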
index 50b3ea7..6d64251 100644 (file)
         <!-- TMPL_ELSE -->
             <tr>
         <!-- /TMPL_UNLESS -->
-                <td>   <!-- TMPL_IF name="active" -->
+                <td><!-- TMPL_IF name="CAN_user_acquisition_order_manage" -->
+                    <!-- TMPL_IF name="active" -->
                         <a href="basketheader.pl?booksellerid=<!-- TMPL_VAR name="supplierid" -->&amp;op=add_form">New basket</a>
                     <!-- TMPL_ELSE -->
                         Inactive
                     <!-- /TMPL_IF -->
+                    <!-- /TMPL_IF -->
                 </td>
                 <td>   <a href="parcels.pl?supplierid=<!-- TMPL_VAR name="supplierid" -->">Receive shipment</a>
                 </td>