projects / koha.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 2823fee)
Bug 9422: Don't allow access to 'Upload patron images' when patronimages syspref...
authorKatrin Fischer <katrin.fischer.83@web.de>
Sun, 10 Feb 2019 11:09:08 +0000 (12:09 +0100)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Fri, 3 Apr 2020 13:26:32 +0000 (14:26 +0100)
In addition to checking the patron image upload permission, this
adds a check for the patronimages system preference to the tools
home page and sidebar.

To test:
- Check that the patron image upload tool only displays when
  - system preference patronimages is set to 'Allow'
    and user is either
  - superlibrarian or
  - has bath_upload_patron_images permission
- Save URL of patron image uploader page
- Turn off patronimages
- Verify you get redirected to the home page of Koha when trying
  to access the page

Note: this redirect is already used by the stock rotation feature.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc patch | blob | history
koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt patch | blob | history
tools/picture-upload.pl patch | blob | history

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
index 3df0409..6526d0c 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc
@@ -7,7 +7,7 @@
 </ul>
 [% IF ( CAN_user_tools_manage_patron_lists || CAN_user_clubs || CAN_user_tools_moderate_comments || CAN_user_tools_import_patrons
   || CAN_user_tools_edit_notices || CAN_user_tools_edit_notice_status_triggers || CAN_user_tools_label_creator || CAN_user_tools_delete_anonymize_patrons
-  || CAN_user_tools_edit_patrons || CAN_user_tools_moderate_tags || CAN_user_tools_batch_upload_patron_images ) %]
+  || CAN_user_tools_edit_patrons || CAN_user_tools_moderate_tags || ( CAN_user_tools_batch_upload_patron_images && Koha.Preference('patronimages') ) ) %]
 <h5>Patrons and circulation</h5>
 <ul>
     [% IF ( CAN_user_tools_manage_patron_lists ) %]
@@ -43,7 +43,7 @@
     [% IF ( CAN_user_tools_moderate_tags ) %]
     <li><a href="/cgi-bin/koha/tags/review.pl">Tag moderation</a></li>
     [% END %]
-    [% IF ( CAN_user_tools_batch_upload_patron_images ) %]
+    [% IF ( CAN_user_tools_batch_upload_patron_images && Koha.Preference('patronimages') ) %]
        <li><a href="/cgi-bin/koha/tools/picture-upload.pl">Upload patron images</a></li>
     [% END %]
 </ul>
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
index b4e7816..15df042 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt
@@ -15,7 +15,7 @@
         <div class="col-sm-4">
 [% IF ( CAN_user_tools_manage_patron_lists || CAN_user_clubs || CAN_user_tools_moderate_comments || CAN_user_tools_import_patrons
   || CAN_user_tools_edit_notices || CAN_user_tools_edit_notice_status_triggers || CAN_user_tools_label_creator || CAN_user_tools_delete_anonymize_patrons
-  || CAN_user_tools_edit_patrons || CAN_user_tools_batch_extend_due_dates || CAN_user_tools_moderate_tags || CAN_user_tools_batch_upload_patron_images ) %]
+  || CAN_user_tools_edit_patrons || CAN_user_tools_batch_extend_due_dates || CAN_user_tools_moderate_tags || ( CAN_user_tools_batch_upload_patron_images && Koha.Preference('patronimages') ) ) ) %]
 <h3>Patrons and circulation</h3>
 [% END %]
 <dl>
@@ -74,7 +74,7 @@
     <dd>Moderate patron tags</dd>
     [% END %]
 
-    [% IF ( CAN_user_tools_batch_upload_patron_images ) %]
+    [% IF ( CAN_user_tools_batch_upload_patron_images && Koha.Preference('patronimages') ) %]
     <dt><a href="/cgi-bin/koha/tools/picture-upload.pl">Upload patron images</a></dt>
     <dd>Upload patron images in a batch or one at a time</dd>
     [% END %]
diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index 54f18b5..e349f5a 100755 (executable)
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -37,6 +37,12 @@ use Koha::Token;
 
 my $input = new CGI;
 
+unless (C4::Context->preference('patronimages')) {
+    # redirect to intranet home if patronimages is not enabled
+    print $input->redirect("/cgi-bin/koha/mainpage.pl");
+    exit;
+}
+
 my ($template, $loggedinuser, $cookie)
     = get_template_and_user({template_name => "tools/picture-upload.tt",
                                        query => $input,
Mirror of git://git.koha-community.org/koha.git