In the serial module, we want to hide serials from other libraries.
However, to permit central serials management, this patch introduces a
new permission, 'superserials'. If a staff member has this permission,
that person can override the restriction.
Test plan:
- Switch on the IndependentBranches syspref
- Add the permission 'superserials' for a patron and test that you can
navigate and see all serials
- Remove this permission and test that you cannot manage/view subscriptions
from other libraries
Signed-off-by: Frederic Durand <frederic.durand@unilim.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
$userflags->{$flag} = 0;
}
}
-
# get subpermissions and merge with top-level permissions
my $user_subperms = get_user_subpermissions($userid);
foreach my $module (keys %$user_subperms) {
my ($userid, $flagsrequired) = @_;
my $sth = C4::Context->dbh->prepare("SELECT flags FROM borrowers WHERE userid=?");
$sth->execute($userid);
- my $flags = getuserflags($sth->fetchrow(), $userid);
+ my $row = $sth->fetchrow();
+ my $flags = getuserflags($row, $userid);
if ( $userid eq C4::Context->config('user') ) {
# Super User Account from /etc/koha.conf
$flags->{'superlibrarian'} = 1;
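Review bot: The new `$row` temporary on the `fetchrow()` line has no comment saying why it exists, so a later cleanup could inline it again. With the call inlined, a userid that matches no borrower yields an empty list and `$userid` slides into the first argument of `getuserflags`; I would add `# scalar assignment on purpose: an empty fetchrow() list must not shift $userid into the flags argument` above it. When no row matches, `$row` is undef and `getuserflags` is still called, so it presumably has to tolerate an undefined flags value; its body is not in this hunk. The enclosing sub starts and ends outside the hunk.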
use Modern::Perl;
+use C4::Context;
use C4::Dates qw(format_date format_date_in_iso);
use Date::Calc qw(:all);
use POSIX qw(strftime setlocale LC_TIME);
my ($serialid) = @_;
my $dbh = C4::Context->dbh;
my $query = qq|
- SELECT serial.*, serial.notes as sernotes, serial.status as serstatus,subscription.*,subscription.subscriptionid as subsid |;
- if ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{'flags'} != 1
- && C4::Context->userenv->{'branch'} ) {
- $query .= "
- , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit ";
- }
- $query .= qq|
+ SELECT serial.*, serial.notes as sernotes, serial.status as serstatus,subscription.*,subscription.subscriptionid as subsid
FROM serial LEFT JOIN subscription ON subscription.subscriptionid=serial.subscriptionid
WHERE serialid = ?
|;
$data->{ "status" . $data->{'serstatus'} } = 1;
$data->{'subscriptionexpired'} = HasSubscriptionExpired( $data->{'subscriptionid'} ) && $data->{'status'} == 1;
$data->{'abouttoexpire'} = abouttoexpire( $data->{'subscriptionid'} );
+ $data->{cannotedit} = not can_edit_subscription( $data );
return $data;
}
subscriptionhistory.*,
aqbooksellers.name AS aqbooksellername,
biblio.title AS bibliotitle,
- subscription.biblionumber as bibnum);
- if ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{'flags'} != 1
- && C4::Context->userenv->{'branch'} ) {
- $query .= "
- , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit ";
- }
- $query .= qq(
+ subscription.biblionumber as bibnum
FROM subscription
LEFT JOIN subscriptionhistory ON subscription.subscriptionid=subscriptionhistory.subscriptionid
LEFT JOIN aqbooksellers ON subscription.aqbooksellerid=aqbooksellers.id
WHERE subscription.subscriptionid = ?
);
- # if (C4::Context->preference('IndependentBranches') &&
- # C4::Context->userenv &&
- # C4::Context->userenv->{'flags'} != 1){
- # # $debug and warn "flags: ".C4::Context->userenv->{'flags'};
- # $query.=" AND subscription.branchcode IN ('".C4::Context->userenv->{'branch'}."',\"\")";
- # }
$debug and warn "query : $query\nsubsid :$subscriptionid";
my $sth = $dbh->prepare($query);
$sth->execute($subscriptionid);
- return $sth->fetchrow_hashref;
+ my $subscription = $sth->fetchrow_hashref;
+ $subscription->{cannotedit} = not can_edit_subscription( $subscription );
+ return $subscription;
}
=head2 GetFullSubscription
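Review bot: The assignment `$subscription->{cannotedit} = ...` autovivifies a hash when `fetchrow_hashref` returns undef, so GetSubscription now hands back a truthy hashref for a subscriptionid that does not exist, where it used to return undef. Callers that test the return value to detect a missing subscription would then carry on with an empty record. Guarding the line keeps the old contract: `$subscription->{cannotedit} = not can_edit_subscription( $subscription ) if $subscription;`. The sub starts outside the hunk.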
aqbooksellers.name as aqbooksellername,
biblio.title as bibliotitle,
subscription.branchcode AS branchcode,
- subscription.subscriptionid AS subscriptionid |;
- if ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{'flags'} != 1
- && C4::Context->userenv->{'branch'} ) {
- $query .= "
- , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit ";
- }
- $query .= qq|
+ subscription.subscriptionid AS subscriptionid
FROM serial
LEFT JOIN subscription ON
(serial.subscriptionid=subscription.subscriptionid )
$debug and warn "GetFullSubscription query: $query";
my $sth = $dbh->prepare($query);
$sth->execute($subscriptionid);
- return $sth->fetchall_arrayref( {} );
+ my $subscriptions = $sth->fetchall_arrayref( {} );
+ for my $subscription ( @$subscriptions ) {
+ $subscription->{cannotedit} = not can_edit_subscription( $subscription );
+ }
+ return $subscriptions;
}
=head2 PrepareSerialsData
$subs->{ "periodicity" . $subs->{periodicity} } = 1;
$subs->{ "numberpattern" . $subs->{numberpattern} } = 1;
$subs->{ "status" . $subs->{'status'} } = 1;
- $subs->{'cannotedit'} =
- ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{flags} % 2 != 1
- && C4::Context->userenv->{branch}
- && $subs->{branchcode}
- && ( C4::Context->userenv->{branch} ne $subs->{branchcode} ) );
if ( $subs->{enddate} eq '0000-00-00' ) {
$subs->{enddate} = '';
}
$subs->{'abouttoexpire'} = abouttoexpire( $subs->{'subscriptionid'} );
$subs->{'subscriptionexpired'} = HasSubscriptionExpired( $subs->{'subscriptionid'} );
+ $subs->{cannotedit} = not can_edit_subscription( $subs );
push @res, $subs;
}
return \@res;
year(IF(serial.publisheddate="00-00-0000",serial.planneddate,serial.publisheddate)) as year,
biblio.title as bibliotitle,
subscription.branchcode AS branchcode,
- subscription.subscriptionid AS subscriptionid|;
- if ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{'flags'} != 1
- && C4::Context->userenv->{'branch'} ) {
- $query .= "
- , ((subscription.branchcode <>\"" . C4::Context->userenv->{'branch'} . "\") and subscription.branchcode <>\"\" and subscription.branchcode IS NOT NULL) as cannotedit ";
- }
-
- $query .= qq|
+ subscription.subscriptionid AS subscriptionid
FROM serial
LEFT JOIN subscription ON
(serial.subscriptionid=subscription.subscriptionid)
|;
my $sth = $dbh->prepare($query);
$sth->execute($biblionumber);
- return $sth->fetchall_arrayref( {} );
+ my $subscriptions = $sth->fetchall_arrayref( {} );
+ for my $subscription ( @$subscriptions ) {
+ $subscription->{cannotedit} = not can_edit_subscription( $subscription );
+ }
+ return $subscriptions;
}
=head2 GetSubscriptions
$debug and warn "GetSubscriptions query: $sql params : ", join( " ", @bind_params );
$sth = $dbh->prepare($sql);
$sth->execute(@bind_params);
- my @results;
-
- while ( my $line = $sth->fetchrow_hashref ) {
- $line->{'cannotedit'} =
- ( C4::Context->preference('IndependentBranches')
- && C4::Context->userenv
- && C4::Context->userenv->{flags} % 2 != 1
- && C4::Context->userenv->{branch}
- && $line->{branchcode}
- && ( C4::Context->userenv->{branch} ne $line->{branchcode} ) );
- push @results, $line;
- }
- return @results;
+ my $subscriptions = $sth->fetchall_arrayref( {} );
+ for my $subscription ( @$subscriptions ) {
+ $subscription->{cannotedit} = not can_edit_subscription( $subscription );
+ }
+ return @$subscriptions;
}
=head2 SearchSubscriptions
my $results = $sth->fetchall_arrayref( {} );
$sth->finish;
+ for my $subscription ( @$results ) {
+ $subscription->{cannotedit} = not can_edit_subscription( $subscription );
+ $subscription->{cannotdisplay} =
+ ( C4::Context->preference("IndependentBranches")
+ and $subscription->{branchcode} ne C4::Context->userenv->{'branch'} ) ? 1 : 0;
+ }
+
return @$results;
}
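Review bot: `cannotdisplay` is computed from the branch comparison alone, so a superlibrarian or a user holding `superserials` still has every other branch's subscriptions hidden from search results, which contradicts the test plan in the commit message. The `ne` test also hides subscriptions whose branchcode is empty or NULL, which `can_edit_subscription` treats as open to everyone, and `C4::Context->userenv->{'branch'}` is dereferenced without the userenv check that the removed conditions made. If display and edit are meant to follow the same rule, `$subscription->{cannotdisplay} = $subscription->{cannotedit} ? 1 : 0;` reuses the decision taken on the line above and keeps the two from drifting apart.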
return $sth->fetchrow_array;
}
+sub can_edit_subscription {
+ my ( $subscription, $userid ) = @_;
+ my $flags = C4::Context->userenv->{flags};
+ $userid ||= C4::Context->userenv->{'id'};
+ my $independent_branches = C4::Context->preference('IndependentBranches');
+ return 1 unless $independent_branches;
+ if( $flags % 2 == 1 # superlibrarian
+ or C4::Auth::haspermission( $userid, {serials => 'superserials'}),
+ or C4::Auth::haspermission( $userid, {serials => 'edit_subscription'}),
+ or not defined $subscription->{branchcode}
+ or $subscription->{branchcode} eq ''
+ or $subscription->{branchcode} eq C4::Context->userenv->{'branch'}
+ ) {
+ return 1;
+ }
+ return 0;
+}
+
1;
__END__
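Review bot: The `edit_subscription` clause in the `if` makes the branch test moot: any user who holds `edit_subscription` gets 1 for every branch, so with IndependentBranches on the restriction only binds users who could not edit subscriptions anyway, and `superserials` adds nothing. If the commit message states the intent, that clause should go. The two `haspermission` lines also end in a stray comma before `or`, and `C4::Context->userenv->{flags}` is dereferenced before any check that a userenv exists, which the removed per-query conditions did test. The version below keeps the removed code's behaviour of not restricting when there is no userenv, and does the cheap branch comparisons before the permission lookup. `C4::Auth` is called by its full name while the imports hunk only adds `use C4::Context;`, so confirm the module is loaded.

```perl
sub can_edit_subscription {
    my ( $subscription, $userid ) = @_;

    return 1 unless C4::Context->preference('IndependentBranches');

    # The removed checks treated a missing userenv as "no restriction".
    my $userenv = C4::Context->userenv
        or return 1;
    $userid ||= $userenv->{id};

    # Subscriptions without a branch are editable from any branch.
    my $branchcode = $subscription->{branchcode};
    return 1 if not defined $branchcode or $branchcode eq '';
    return 1 if $branchcode eq $userenv->{branch};

    return 1 if $userenv->{flags} % 2 == 1;    # superlibrarian
    return 1 if C4::Auth::haspermission( $userid, { serials => 'superserials' } );
    return 0;
}
```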
(15, 'receive_serials', 'Zugang von Heften'),
(15, 'renew_subscription', 'Abonnements verlängern'),
(15, 'routing', 'Umlauflisten verwalten'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'SQL-Reports ausführen'),
(16, 'create_reports', 'SQL-Reports erstellen'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Serials receiving'),
(15, 'renew_subscription', 'Renew a subscription'),
(15, 'routing', 'Routing'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Serials receiving'),
(15, 'renew_subscription', 'Renew a subscription'),
(15, 'routing', 'Routing'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Bulletiner les périodiques'),
(15, 'renew_subscription', 'Renouveler les abonnements'),
(15, 'routing', 'Mettre en circulation'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Lancer les rapports SQL'),
(16, 'create_reports', 'Créer les rapports SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Ricevi fascicoli'),
(15, 'renew_subscription', 'Rinnova un abbonamento'),
(15, 'routing', 'Crea/Manipola liste di distribuzione dei fascicoli ( routing list)'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Esegui reports SQL'),
(16, 'create_reports', 'Crea reports SQL'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Heftemottak'),
(15, 'renew_subscription', 'Fornye abonnementer'),
(15, 'routing', 'Sirkulasjon'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Kjøre SQL-rapporter'),
(16, 'create_reports', 'Opprette SQL-rapporter'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Serials receiving'),
(15, 'renew_subscription', 'Renew a subscription'),
(15, 'routing', 'Routing'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Serials receiving'),
(15, 'renew_subscription', 'Renew a subscription'),
(15, 'routing', 'Routing'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(15, 'receive_serials', 'Serials receiving'),
(15, 'renew_subscription', 'Renew a subscription'),
(15, 'routing', 'Routing'),
+ (15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependantBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL Reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
SetVersion($DBversion);
}
+$DBversion = "3.13.00.XXX";
+if ( CheckVersion($DBversion) ) {
+ $dbh->do("INSERT INTO permissions (module_bit, code, description) VALUES(15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependentBranches is used)')");
+ print "Upgrade to $DBversion done (Bug 8435: Add superserials permission)\n";
+ SetVersion($DBversion);
+}
=head1 FUNCTIONS
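Review bot: The description string in this INSERT spells the preference `IndependentBranches`, while the installer rows added in the same commit spell it `IndependantBranches`, so upgraded and fresh installs end up with different permission text. Use the spelling of the real preference name, as read by `C4::Context->preference('IndependentBranches')`, in both places.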
</tfoot>
<tbody>
[% FOREACH subscription IN openedsubscriptions %]
+ [% UNLESS subscription.cannotdisplay %]
<tr>
<td>
[% IF ( subscription.issn ) %][% subscription.issn %]
<td><a href="/cgi-bin/koha/serials/serials-collection.pl?subscriptionid=[% subscription.subscriptionid %]">Issue history</a>
</td>
<td>
- [% IF ( subscription.cannotedit ) %]
-
- [% ELSE %]
- [% IF ( CAN_user_serials_receive_serials ) %]<a href="/cgi-bin/koha/serials/serials-edit.pl?subscriptionid=[% subscription.subscriptionid %]&serstatus=1,3,7">Serial receive</a>[% END %]
+ [% IF ( CAN_user_serials_receive_serials ) %]
+ <a href="/cgi-bin/koha/serials/serials-edit.pl?subscriptionid=[% subscription.subscriptionid %]&serstatus=1,3,7">Serial receive</a>
[% END %]
</td>
</tr>
+ [% END %]
[% END %]
</tbody>
</table>
</tfoot>
<tbody>
[% FOREACH subscription IN closedsubscriptions %]
+ [% UNLESS subscription.cannotdisplay %]
<tr>
<td>
[% IF ( subscription.issn ) %]
</td>
</tr>
[% END %]
+ [% END %]
</tbody>
</table>
[% ELSE %]
my $nbissues=$query->param('nbissues');
my $dbh = C4::Context->dbh;
-my ($template, $loggedinuser, $cookie);
-($template, $loggedinuser, $cookie)
+my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "serials/serials-collection.tmpl",
query => $query,
type => "intranet",
foreach my $subscriptionid (@subscriptionid){
my $subs= GetSubscription($subscriptionid);
$closed = 1 if $subs->{closed};
+
$subs->{opacnote} =~ s/\n/\<br\/\>/g;
$subs->{missinglist} =~ s/\n/\<br\/\>/g;
$subs->{recievedlist} =~ s/\n/\<br\/\>/g;
&& !$processedserialid{$serialid} )
{
my $serinfo = GetSerialInformation($serialid); #TODO duplicates work done by GetSerials2 above
+
for my $d ( qw( publisheddate planneddate )){
if ( $serinfo->{$d} =~m/^00/ ) {
$serinfo->{$d} = q{};
my (@openedsubscriptions, @closedsubscriptions);
for my $sub ( @subscriptions ) {
unless ( $sub->{closed} ) {
- push @openedsubscriptions, $sub;
+ push @openedsubscriptions, $sub
+ unless $sub->{cannotdisplay};
} else {
- push @closedsubscriptions, $sub;
+ push @closedsubscriptions, $sub
+ unless $sub->{cannotdisplay};
}
}
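Review bot: Dropping `cannotdisplay` rows in this loop only removes them from the result list; it is not an access check. The subscription pages touched by this commit load a record straight from the `subscriptionid` parameter and, in the visible hunks, only compute `cannotedit`, so a direct request carrying another branch's subscriptionid would presumably still render. If "cannot view" from the commit message is a requirement, each of those scripts needs its own check after `GetSubscription`, redirecting and calling `exit` when the user's branch does not match. The template also wraps the same rows in `UNLESS subscription.cannotdisplay`, so one of the two filters is redundant.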
my $subscriptionid = $query->param('subscriptionid');
$subs = GetSubscription($subscriptionid);
-## FIXME : Check rights to edit if mod. Could/Should display an error message.
+
+ ## FIXME : Check rights to edit if mod. Could/Should display an error message.
if ($subs->{'cannotedit'} && $op eq 'modify'){
carp "Attempt to modify subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed";
print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid");
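Review bot: The guard under the re-indented FIXME logs and redirects, but `print $query->redirect(...)` does not stop the script; unless an `exit;` follows just outside this hunk, the modify path keeps running for a user whose `cannotedit` is set. Since this commit makes `cannotedit` the single authorization decision for subscriptions, I would add `exit;` right after the redirect. The condition also names only `$op eq 'modify'`; any other operation that writes the subscription should be checked against the same flag where it is handled, which is outside the hunk.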
}
}
-my $onlymine=C4::Context->preference('IndependentBranches') &&
- C4::Context->userenv &&
- C4::Context->userenv->{flags} % 2 !=1 &&
- C4::Context->userenv->{branch};
+my $userenv = C4::Context->userenv;
+my $onlymine =
+ C4::Context->preference('IndependentBranches')
+ && $userenv
+ && $userenv->{flags} % 2 != 1
+ && (
+ not C4::Auth::haspermission( $userenv->{id}, { serials => 'superserials' } )
+ )
+ && $userenv->{branch};
+
my $branches = GetBranches($onlymine);
my $branchloop;
for my $thisbranch (sort { $branches->{$a}->{branchname} cmp $branches->{$b}->{branchname} } keys %{$branches}) {
my $op = $query->param('op') || q{};
my $issueconfirmed = $query->param('issueconfirmed');
my $dbh = C4::Context->dbh;
-my ($template, $loggedinuser, $cookie, $hemisphere);
my $subscriptionid = $query->param('subscriptionid');
if ( $op and $op eq "close" ) {
C4::Serials::ReopenSubscription( $subscriptionid );
}
-my $subs = GetSubscription($subscriptionid);
-
-$subs->{enddate} = GetExpirationDate($subscriptionid);
-
-if ($op && $op eq 'del') {
- if ($subs->{'cannotedit'}){
- carp "Attempt to delete subscription $subscriptionid by ".C4::Context->userenv->{'id'}." not allowed";
- print $query->redirect("/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=$subscriptionid");
- }
- DelSubscription($subscriptionid);
- print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=serials-home.pl\"></html>";
- exit;
-}
-
-my ($totalissues,@serialslist) = GetSerials($subscriptionid);
-$totalissues-- if $totalissues; # the -1 is to have 0 if this is a new subscription (only 1 issue)
# the subscription must be deletable if there is NO issues for a reason or another (should not happend, but...)
# Permission needed if it is a deletion (del) : delete_subscription
# Permission needed otherwise : *
my $permission = ($op eq "del") ? "delete_subscription" : "*";
-($template, $loggedinuser, $cookie)
+my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "serials/subscription-detail.tmpl",
query => $query,
type => "intranet",
debug => 1,
});
-$$subs{enddate} ||= GetExpirationDate($subscriptionid);
+
+my $subs = GetSubscription($subscriptionid);
+$subs->{enddate} ||= GetExpirationDate($subscriptionid);
+
+my ($totalissues,@serialslist) = GetSerials($subscriptionid);
+$totalissues-- if $totalissues; # the -1 is to have 0 if this is a new subscription (only 1 issue)
if ($op eq 'del') {
if ($$subs{'cannotedit'}){
hasRouting => $hasRouting,
routing => C4::Context->preference("RoutingSerials"),
totalissues => $totalissues,
- hemisphere => $hemisphere,
- cannotedit =>(C4::Context->preference('IndependentBranches') &&
- C4::Context->userenv &&
- C4::Context->userenv->{flags} % 2 !=1 &&
- C4::Context->userenv->{branch} && $subs->{branchcode} &&
- (C4::Context->userenv->{branch} ne $subs->{branchcode})),
+ cannotedit => (not C4::Serials::can_edit_subscription( $subs )),
frequency => $frequency,
numberpattern => $numberpattern,
has_X => ($numberpattern->{'numberingmethod'} =~ /{X}/) ? 1 : 0,