Bug 16231: Correct permission handling in subscription edit
authorOwen Leonard <oleonard@myacpl.org>
Wed, 3 Oct 2018 16:07:19 +0000 (16:07 +0000)
committerNick Clemens <nick@bywatersolutions.com>
Mon, 4 Feb 2019 14:44:09 +0000 (14:44 +0000)
This patch corrects the way subscription edit menu items are displayed
according to the user's permissions settings.

To test, apply the patch and log in to the staff client as a user who
has permission to create, edit, and delete subscriptions.

- Locate a subscription and view the details for it.
- Confirm that each "Edit" menu item works correctly.
- Repeat the process when logged in as a user with varying combinations
  of create, edit, and delete permissions.
- Test as a user limited by IndependentBranches.

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

koha-tmpl/intranet-tmpl/prog/en/includes/serials-toolbar.inc

index e8aabde..b217ba6 100644 (file)
@@ -1,5 +1,6 @@
 [% INCLUDE 'blocking_errors.inc' %]
-[% IF subscriptionid and ( CAN_user_serials_edit_subscription || CAN_user_serials_create_subscription || CAN_user_serials_delete_subscription || CAN_user_serials_receive_serials ) %]
+[% IF subscriptionid and ( CAN_user_serials_edit_subscription || CAN_user_serials_create_subscription || CAN_user_serials_receive_serials ) %]
+
     <div id="toolbar" class="btn-toolbar">
         [% IF CAN_user_serials_create_subscription %]
             [% IF biblionumber_for_new_subscription %]
                 <div class="btn-group">
                     <button class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown"><i class="fa fa-pencil"></i> Edit <span class="caret"></span></button>
                         <ul class="dropdown-menu">
-                            [% IF ( cannotedit ) %] <li class="disabled"> [% ELSE %]
-                            <li> [% END %]
-                            <a href="/cgi-bin/koha/serials/subscription-add.pl?op=modify&amp;subscriptionid=[% subscriptionid | uri %]">Edit subscription</a></li>
-                            [% IF ( cannotedit ) %] <li class="disabled"> [% ELSE %]
-                            <li> [% END %]
-                            <a href="/cgi-bin/koha/serials/subscription-add.pl?op=dup&amp;subscriptionid=[% subscriptionid | uri %]">Edit as new (duplicate)</a></li>
+                            [% IF ( CAN_user_serials_edit_subscription ) %]
+                                <li>
+                                    <a href="/cgi-bin/koha/serials/subscription-add.pl?op=modify&amp;subscriptionid=[% subscriptionid | uri %]">Edit subscription</a>
+                                </li>
+                            [% END %]
+
+                            [% IF ( CAN_user_serials_create_subscription ) %]
+                                <li>
+                                    <a href="/cgi-bin/koha/serials/subscription-add.pl?op=dup&amp;subscriptionid=[% subscriptionid | uri %]">Edit as new (duplicate)</a>
+                                </li>
+                            [% END %]
 
                             [% IF CAN_user_editcatalogue_edit_catalogue %]
-                                <li><a id="editbiblio" href="/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=[% biblionumber | html %]">Edit record</a></li>
+                                <li>
+                                    <a id="editbiblio" href="/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=[% biblionumber | uri %]">Edit record</a>
+                                </li>
                             [% END %]
 
                             [% IF serialsadditems && CAN_user_editcatalogue_edit_items %]
-                                <li><a id="edititems" href="/cgi-bin/koha/cataloguing/additem.pl?biblionumber=[% biblionumber | html %]">Edit items</a></li>
+                                <li>
+                                    <a id="edititems" href="/cgi-bin/koha/cataloguing/additem.pl?biblionumber=[% biblionumber | uri %]">Edit items</a>
+                                </li>
                             [% END %]
 
                             [% IF ( CAN_user_serials_delete_subscription ) %]
-                            [% IF ( cannotedit ) %] <li class="disabled"> [% ELSE %]
-                            <li> [% END %]
-                            <a href="#" id="deletesub">Delete subscription</a></li>[% END %]
+                                <li>
+                                    <a href="#" id="deletesub">Delete subscription</a>
+                                </li>
+                            [% END %]
                         </ul>
                 </div>
             [% END %]
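Review bot: The new guards on the "Edit subscription" and "Delete subscription" items no longer consult `cannotedit`, so a user who holds the permission but is limited by IndependentBranches would get live links where the old template rendered `<li class="disabled">`, unless that case is now handled elsewhere (for example in `blocking_errors.inc`, which is not visible here). If it is not, keep the restriction in the condition, e.g. `[% IF ( CAN_user_serials_edit_subscription && !cannotedit ) %]`, and likewise for the delete item. Either way the template only hides links, so `subscription-add.pl` (`op=modify`, `op=dup`) and the delete handler must enforce the same permission and branch checks server-side. Separately, the outer condition drops `CAN_user_serials_delete_subscription`, so a delete-only user gets no toolbar even though the Delete item is still gated on that permission. Only one `@@` header survives on this page, so the conditions enclosing the dropdown may not be fully visible.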