Bug 20128: Add permission for advanced cataloging editor

To test:
1 - Have a borrower with edit_catalogue permission and one with
editcatalogue top level
2 - Confirm they can both access the advanced editor from the
'Cataloguing' home page or from the basic editor
3 - Apply patch
4 - Update database
5 - Confirm borrower with 'edit_catalogue' has 'advanced_editor'
permission
6 - Confirm borrowers can access advanced editor as above
7 - Remove 'advanced_editor' permission from borrower
8 - Ensure they cannot access the advanced editor
9 - Ensure links to 'Edit record' from search results go to basic editor

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/cataloguing/addbiblio.pl b/cataloguing/addbiblio.pl
index 67dde98..8c60a11 100755 (executable)
--- a/cataloguing/addbiblio.pl
+++ b/cataloguing/addbiblio.pl
@@ -737,7 +737,7 @@ if ($frameworkcode eq 'FA'){
         'stickyduedate'      => $fa_stickyduedate,
         'duedatespec'        => $fa_duedatespec,
     );
-} elsif ( $op ne "delete" && C4::Context->preference('EnableAdvancedCatalogingEditor') && $input->cookie( 'catalogue_editor_' . $loggedinuser ) eq 'advanced' && !$breedingid ) {
+} elsif ( $op ne "delete" && C4::Context->preference('EnableAdvancedCatalogingEditor') && C4::Auth::haspermission($loggedinuser,{'editcatalogue'=>'advanced_editor'}) && $input->cookie( 'catalogue_editor_' . $loggedinuser ) eq 'advanced' && !$breedingid ) {
     # Only use the advanced editor for non-fast-cataloging.
     # breedingid is not handled because those would only come off a Z39.50
     # search initiated by the basic editor.

diff --git a/cataloguing/editor.pl b/cataloguing/editor.pl
index 42f35b3..a0e6c83 100755 (executable)
--- a/cataloguing/editor.pl
+++ b/cataloguing/editor.pl
@@ -40,7 +40,12 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => 'intranet',
         authnotrequired => 0,
-        flagsrequired   => { editcatalogue => 'edit_catalogue' },
+        flagsrequired   => {
+            editcatalogue => {
+                'edit_catalogue'  => 1,
+                'advanced_editor' => 1
+            },
+        }
     }
 );
 

diff --git a/installer/data/mysql/atomicupdate/bug20128_add_permission_for_advanced_editor.perl b/installer/data/mysql/atomicupdate/bug20128_add_permission_for_advanced_editor.perl
new file mode 100644 (file)
index 0000000..c383eec
--- /dev/null
+++ b/installer/data/mysql/atomicupdate/bug20128_add_permission_for_advanced_editor.perl
@@ -0,0 +1,16 @@
+$DBversion = 'XXX';
+if( CheckVersion( $DBversion ) ) {
+    $dbh->do(q{
+        INSERT IGNORE permissions (module_bit, code, description)
+        VALUES
+        (9,'advanced_editor','Use the advanced cataloging editor')
+    });
+    if( C4::Context->preference('EnableAdvancedCatalogingEditor') ){
+        $dbh->do(q{
+            INSERT INTO user_permissions (borrowernumber, module_bit, code)
+            SELECT borrowernumber, 9, 'advanced_editor' FROM borrowers WHERE borrowernumber IN (SELECT DISTINCT borrowernumber FROM user_permissions WHERE code = 'edit_catalogue');
+        });
+    }
+    SetVersion( $DBversion );
+    print "Upgrade to $DBversion done (Bug 20128: Add permission for Advanced Cataloging Editor)\n";
+}

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
index 1763079..0e40101 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
@@ -271,6 +271,11 @@
             Edit catalog (Modify bibliographic/holdings data)
         </span>
         <span class="permissioncode">([% name | html %])</span>
+    [%- CASE 'advanced_editor' -%]
+        <span class="sub_permission advanced_editor_subpermission">
+            Use the advanced cataloging editor (requires edit_catalogue)
+        </span>
+        <span class="permissioncode">([% name | html %])</span>
     [%- CASE 'edit_items' -%]
         <span class="sub_permission edit_items_subpermission">
             Edit items

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
index 6b1a95b..2aa091e 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbiblio.tt
@@ -511,7 +511,7 @@ function Changefwk() {
     <div class="btn-group">
         <button class="btn btn-default dropdown-toggle" data-toggle="dropdown"><i class="fa fa-cog"></i> Settings <span class="caret"></span></button>
         <ul id="settings-menu" class="dropdown-menu">
-            [% IF Koha.Preference( 'EnableAdvancedCatalogingEditor' ) == 1 %]
+            [% IF Koha.Preference( 'EnableAdvancedCatalogingEditor' ) == 1 && CAN_user_editcatalogue_advanced_editor %]
                 <li><a href="#" id="switcheditor">Switch to advanced editor</a></li>
             [% END %]
             [% IF marcflavour != 'NORMARC' AND NOT advancedMARCEditor %]

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tt
index f72eb30..b11daa7 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/addbooks.tt
@@ -18,7 +18,7 @@
 
 [% IF ( CAN_user_editcatalogue_edit_catalogue ) %]
   <div id="toolbar" class="btn-toolbar">
-        [% IF Koha.Preference( 'EnableAdvancedCatalogingEditor' ) == 1 %]
+        [% IF Koha.Preference( 'EnableAdvancedCatalogingEditor' ) == 1 && CAN_user_editcatalogue_advanced_editor %]
             <a id="useadvanced" href="/cgi-bin/koha/cataloguing/editor.pl" class="btn btn-default"><i class="fa fa-pencil"></i> Advanced editor</a>
         [% END %]
         <div class="btn-group">