This splits off the delete capability from the create reports permission.
From a UI perspective there were CSS issues, that this patch set hackily
bypasses. Perhaps someone else can amend this enhancement with the required
changes so that the extra column at the beginning of the table can be
removed when the user does not have delete capability.
TEST PLAN
---------
1) back up db
2) apply patch
3) ./installer/data/mysql/updatedatabase.pl
-- should run without issue.
4) in mysql:
> drop database ...
> create database ...
-- totally blanks it for fresh web install
5) run web install
-- installing should have no issues
6) go to a patron
7) set permissions
8) expand the reports permission
-- should have delete reports now
9) click help and scroll down to
'Granular Reports Permissions' right at the bottom.
-- there should be a new delete_reports section
10) Head over to guided reports and build a few reports.
-- as system account user, delete stuff should all be visible.
11) Find a patron, set all permissions, except delete reports.
12) log out and then log in as the modified patron
13) Head over the save reports
-- none of the delete options should be available to the user.
14) run koha qa test tools
15) restore db
Followed test plan. Additionally tried to delete using params in URL
(not possible, OK)
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
--- /dev/null
+INSERT IGNORE INTO `permissions`
+ (module_bit, code, description) VALUES
+ (16, 'delete_reports', 'Delete SQL reports');
(15, 'superserials', 'Manage subscriptions from any branch (only applies when IndependentBranches is used)'),
(16, 'execute_reports', 'Execute SQL reports'),
(16, 'create_reports', 'Create SQL reports'),
+ (16, 'delete_reports', 'Delete SQL reports'),
(18, 'manage_courses', 'Add, edit and delete courses'),
(18, 'add_reserves', 'Add course reserves'),
(18, 'delete_reserves', 'Remove course reserves'),
[%- CASE 'renew_subscription' -%]<span>Renew a subscription</span>
[%- CASE 'routing' -%]<span>Routing</span>
[%- CASE 'superserials' -%]<span>Manage subscriptions from any branch (only applies when IndependentBranches is used)</span>
+ [%- CASE 'delete_reports' -%]<span>Delete SQL reports</span>
[%- CASE 'create_reports' -%]<span>Create SQL reports</span>
[%- CASE 'execute_reports' -%]<span>Execute SQL reports</span>
[%- CASE 'add_reserves' -%]<span>Add course reserves</span>
</div>
[% END %]
- [% IF ( CAN_user_reports_create_reports ) %]
+ [% IF ( CAN_user_reports_delete_reports ) %]
<div class="btn-group">
<a class="delete btn btn-small" href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% id %]&phase=Delete%20Saved">
<i class="fa fa-trash"></i> Delete
<p>If the staff member has 'reports' permissions they have the ability to perform all of these actions. If you would like to control reports permissions on a more granular level choose from these options:</p>
<ul>
+ <li>delete_reports
+<ul>
+ <li>Delete SQL Reports</li>
+ <li>The ability to delete but not run SQL reports</li>
+</ul>
+</li>
<li>create_reports
<ul>
<li>Create SQL Reports</li>
<tbody>
[% FOREACH savedreport IN savedreports %]
[% UNLESS ( loop.odd ) %]<tr class="odd">[% ELSE %]<tr>[% END %]
- <td><input type="checkbox" name="ids" value="[% savedreport.id %]" /></td>
+ <td>
+ [% IF ( CAN_user_reports_delete_reports ) %] <!-- not break CSS -->
+ <input type="checkbox" name="ids" value="[% savedreport.id %]" />
+ [% END %]
+ </td>
<td><label for="ids">[% savedreport.id %]</label></td>
<td>
[% IF ( savedreport.report_name ) %]
[% END %]
<li><a href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% savedreport.id %]&phase=Run%20this%20report"><i class="fa fa-play"></i> Run</a></li>
<li><a href="/cgi-bin/koha/tools/scheduler.pl?id=[% savedreport.id %]"><i class="fa fa-clock-o"></i> Schedule</a></li>
- [% IF ( CAN_user_reports_create_reports ) %]
+ [% IF ( CAN_user_reports_delete_reports ) %]
<li><a class="confirmdelete" title="Delete this saved report" href="/cgi-bin/koha/reports/guided_reports.pl?reports=[% savedreport.id %]&phase=Delete%20Saved"><i class="fa fa-trash"></i> Delete</a></li>
[% END %]
</ul>
[% END %]
</tbody>
</table>
+ [% IF ( CAN_user_reports_delete_reports ) %]
<fieldset class="action">
<input type="submit" value="Delete selected" />
</fieldset>
+ [% END %]
</form>
</div>
</div>
my $phase = $input->param('phase') // '';
my $flagsrequired;
-if ( $phase eq 'Build new' or $phase eq 'Delete Saved' ) {
+if ( $phase eq 'Build new' ) {
$flagsrequired = 'create_reports';
}
elsif ( $phase eq 'Use saved' ) {
$flagsrequired = 'execute_reports';
-} else {
+}
+elsif ( $phase eq 'Delete Saved' ) {
+ $flagsrequired = 'delete_reports';
+}
+else {
$flagsrequired = '*';
}
projects / koha-equinox.git / commitdiff