}
);
+my $logged_in_patron = Koha::Patrons->find( $loggedinuser );
+
our $basket = GetBasket($basketno);
$booksellerid = $basket->{booksellerid} unless $booksellerid;
my $bookseller = Koha::Acquisition::Booksellers->find( $booksellerid );
my @messages;
if ( $op eq 'delete_confirm' ) {
+
+ output_and_exit( $query, $cookie, $template, 'insufficient_permission' )
+ unless $logged_in_patron->has_permission( { acquisition => 'delete_baskets' } );
+
my $basketno = $query->param('basketno');
my $delbiblio = $query->param('delbiblio');
my @orders = GetOrders($basketno);
(11, 'edit_invoices', 'Edit invoices')
|);
+ $dbh->do(q|
+ INSERT IGNORE INTO permissions (module_bit, code, description) VALUES
+ (11, 'delete_baskets', 'Delete baskets')
+ |);
$dbh->do(q|
INSERT IGNORE INTO permissions (module_bit, code, description) VALUES
|);
SetVersion( $DBversion );
- print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices delete_invoices)\n";
+ print "Upgrade to $DBversion done (Bug 24157: Add new permissions reopen_closed_invoices, edit_invoices, delete_invoices, delete_baskets)\n";
}
(11, 'reopen_closed_invoices', 'Reopen closed invoices'),
(11, 'edit_invoices', 'Edit invoices'),
(11, 'delete_invoices', 'Delete invoices'),
+ (11, 'delete_baskets', 'Delete baskets'),
(12, 'suggestions_manage', 'Manage purchase suggestions'),
(13, 'edit_news', 'Write news for the OPAC and staff interfaces'),
(13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'),
Delete invoices
</span>
<span class="permissioncode">([% name | html %])</span>
+ [%- CASE 'delete_baskets' -%]
+ <span class="sub_permission delete_baskets_subpermission">
+ Delete baskets
+ </span>
+ <span class="permissioncode">([% name | html %])</span>
[%# self_check %]
[%- CASE 'self_checkin_module' -%]
<span class="sub_permission self_checkin_module_subpermission">
<div class="btn-group"><a href="#addtoBasket" role="button" class="btn btn-default" data-toggle="modal"><i class="fa fa-plus"></i> Add to basket</a></div>
[% END %]
<div class="btn-group"><a href="basketheader.pl?booksellerid=[% booksellerid | uri %]&basketno=[% basketno | uri %]&op=add_form" class="btn btn-default" id="basketheadbutton"><i class="fa fa-pencil"></i> Edit basket</a></div>
- [%# FIXME This action should not be available for everyone %]
- <div class="btn-group"><a href="#deleteBasketModal" role="button" class="btn btn-default" data-toggle="modal" id="delbasketbutton"><i class="fa fa-trash"></i> Delete this basket</a></div>
+ [% IF CAN_user_acquisition_delete_baskets %]
+ <div class="btn-group"><a href="#deleteBasketModal" role="button" class="btn btn-default" data-toggle="modal" id="delbasketbutton"><i class="fa fa-trash"></i> Delete this basket</a></div>
+ [% END %]
[% IF ( unclosable ) %]
[% ELSIF ( uncertainprices ) %]
<div class="btn-group"><a href="/cgi-bin/koha/acqui/uncertainprice.pl?booksellerid=[% booksellerid | uri %]&owner=1" class="btn btn-default" id="uncertpricesbutton"><i class="fa fa-usd"></i> Uncertain prices</a></div>