Bug 22868: Move suggestions_manage subperm out of acquisition perm
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 14 Jan 2020 09:02:11 +0000 (10:02 +0100)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Thu, 30 Jan 2020 08:27:00 +0000 (08:27 +0000)
Bug 11911 replaced the permission of suggestions.pl (create a purchase
suggestion) from catalogue => 1 to acquisition => 'suggestions_manage'.
However we have a lot of acquisition scripts that have lax permissions
(acquisition => '*' which means any sub permissions of acquisition is
enough).

That causes a problem when circulation staff are meant to create purchase
suggestions but not to access acquisition information.

One solution is to move the suggestions_manage subpermission out of the
acquisition permission and create a new suggestion permission.

Test plan:
0. Setup
* Create a patron with several permission (and full acquisition
permission)
* Create another patron with several permission, and suggestions_manage
permission
* Create another patron without the suggestions_manage permission
1. Apply the patch and execute the update database entry
2. Note that the third patron you create still does not have
suggestions_manage
3. Confirm that you can create a purchase suggestion if you have
suggestions_manage, but cannot access acquisition pages if you do not
have any subpermissions of the acquisition permission

Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

installer/data/mysql/atomicupdate/bug_22868.perl [new file with mode: 0644]
installer/data/mysql/userflags.sql
installer/data/mysql/userpermissions.sql
koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/acqui-home.tt
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
members/purchase-suggestions.pl
suggestion/suggestion.pl

diff --git a/installer/data/mysql/atomicupdate/bug_22868.perl b/installer/data/mysql/atomicupdate/bug_22868.perl
new file mode 100644 (file)
index 0000000..ab4853d
--- /dev/null
@@ -0,0 +1,19 @@
+$DBversion = 'XXX'; # will be replaced by the RM
+if( CheckVersion( $DBversion ) ) {
+    $dbh->do(q{
+        INSERT IGNORE INTO `userflags` (`bit`, `flag`, `flagdesc`, `defaulton`)
+        VALUES (12, 'suggestions', 'Suggestion management', 0)
+    });
+
+    $dbh->do(q{
+        UPDATE permissions SET module_bit=12
+        WHERE code="suggestions_manage"
+    });
+
+    $dbh->do(q{
+        UPDATE borrowers SET flags = flags + (1<<12) WHERE flags & (1 << 11)
+    });
+
+    SetVersion( $DBversion );
+    print "Upgrade to $DBversion done (Bug 22868 - Move suggestions_manage subpermission out of acquisition permission)\n";
+}
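Review bot: The `flags + (1<<12)` update on `borrowers` is arithmetic rather than bitwise, so any row that already has bit 12 set gets a carry into bit 13, which userflags.sql lists as `tools`, and ends up without bit 12. That can happen if the block is ever run twice (the version is still the `'XXX'` placeholder) or if a stale bit 12 survives in `borrowers.flags`; the `INSERT IGNORE` and the gap at bit 12 in userflags.sql suggest the bit may have been in use before, which would be worth confirming. Using `UPDATE borrowers SET flags = flags | (1<<12) WHERE flags & (1 << 11)` makes the step idempotent. The script also moves only the `permissions` row, so a short comment stating how existing per-patron grants of `suggestions_manage` follow the new `module_bit` (presumably a cascading foreign key, not visible here) would help whoever audits the upgrade.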
index 5b1748d..ecadc0d 100644 (file)
@@ -8,7 +8,8 @@ INSERT INTO userflags (bit, flag, flagdesc, defaulton) VALUES
 (6,'reserveforothers','Place and modify holds for patrons',0),
 (9,'editcatalogue','Edit catalog (Modify bibliographic/holdings data)',0),
 (10,'updatecharges','Manage patrons fines and fees',0),
-(11,'acquisition','Acquisition and/or suggestion management',0),
+(11,'acquisition','Acquisition management',0),
+(12,'suggestions','Suggestion management',0),
 (13,'tools','Use all tools (expand for granular tools permissions)',0),
 (14,'editauthorities','Edit authorities',0),
 (15,'serials','Manage serial subscriptions',0),
index 368849b..136c7b1 100644 (file)
@@ -49,7 +49,6 @@ INSERT INTO permissions (module_bit, code, description) VALUES
    (10, 'writeoff', 'Write off fines and fees'),
    (10, 'remaining_permissions', 'Remaining permissions for managing fines and fees'),
    (11, 'currencies_manage', 'Manage currencies and exchange rates'),
-   (11, 'suggestions_manage', 'Manage purchase suggestions'),
    (11, 'vendors_manage', 'Manage vendors'),
    (11, 'contracts_manage', 'Manage contracts'),
    (11, 'period_manage', 'Manage budgets'),
@@ -63,6 +62,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES
    (11, 'budget_add_del', 'Add and delete funds (but can''t modify funds)'),
    (11, 'budget_manage_all', 'Manage all funds'),
    (11, 'edi_manage', 'Manage EDIFACT transmissions'),
+   (12, 'suggestions_manage', 'Manage purchase suggestions'),
    (13, 'edit_news', 'Write news for the OPAC and staff interfaces'),
    (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'),
    (13, 'edit_calendar', 'Define days when the library is closed'),
index f5ef2e4..de132ec 100644 (file)
@@ -4,7 +4,7 @@
         <ul>
             <li><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions home</a></li>
             [% IF ( CAN_user_acquisition_order_receive ) %]<li><a href="/cgi-bin/koha/acqui/lateorders.pl">Late orders</a></li>[% END %]
-            [% IF ( suggestion && CAN_user_acquisition_suggestions_manage ) %]<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>[% END %]
+            [% IF ( suggestion && CAN_user_suggestions_suggestions_manage ) %]<li><a href="/cgi-bin/koha/suggestion/suggestion.pl">Suggestions</a></li>[% END %]
             <li><a href="/cgi-bin/koha/acqui/invoices.pl">Invoices</a></li>
             [% IF CAN_user_acquisition_edi_manage %]
                 <li><a href="/cgi-bin/koha/acqui/edifactmsgs.pl">EDIFACT messages</a></li>
index a79a55f..a8328bc 100644 (file)
         [% END %]
     [% END %]
 
-    [% IF CAN_user_acquisition_suggestions_manage %]
+    [% IF CAN_user_suggestions_suggestions_manage %]
         [% IF ( suggestionsview ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/members/purchase-suggestions.pl?borrowernumber=[% patron.borrowernumber | uri %]">Purchase suggestions</a></li>
     [% END %]
     [% IF CAN_user_borrowers_edit_borrowers && useDischarge %]
index b66d9bd..3f7cb44 100644 (file)
         <span class="main_permission updatecharges_permission">Manage patrons fines and fees</span>
         <span class="permissioncode">([% name | html %])</span>
     [%- CASE 'acquisition' -%]
-        <span class="main_permission acquisition_permission">Acquisition and/or suggestion management</span>
+        <span class="main_permission acquisition_permission">Acquisition management</span>
+        <span class="permissioncode">([% name | html %])</span>
+    [%- CASE 'suggestions' -%]
+        <span class="main_permission suggestions_permission">Suggestions management</span>
         <span class="permissioncode">([% name | html %])</span>
     [%- CASE 'tools' -%]
         <span class="main_permission tools_permission">Use all tools (expand for granular tools permissions)</span>
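Review bot: The new label reads `Suggestions management`, while the `flagdesc` added for bit 12 in the atomic update and in userflags.sql is `Suggestion management`; one wording should be used so the permissions page and the database description match. For example, `<span class="main_permission suggestions_permission">Suggestion management</span>`. The enclosing SWITCH block starts and ends outside the hunk.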
index f20c54c..83dc7e3 100644 (file)
@@ -49,7 +49,7 @@
 </div>
 </div>
 
-[% IF ( CAN_user_acquisition_suggestions_manage && suggestion && suggestions_count ) %]
+[% IF ( CAN_user_suggestions_suggestions_manage && suggestion && suggestions_count ) %]
 <div class="col-sm-6">
     <div id="acqui_acqui_home_suggestions">
         <fieldset>
index 4cda8c1..f6a2135 100644 (file)
                                 </div>
                                 [% END %]
 
-                                [% IF ( CAN_user_acquisition_suggestions_manage && pendingsuggestions ) %]
+                                [% IF ( CAN_user_suggestions_suggestions_manage && pendingsuggestions ) %]
                                 <div class="pending-info" id="suggestions_pending">
 
                                     <a href="/cgi-bin/koha/suggestion/suggestion.pl#ASKED">Suggestions pending approval</a>:
index d064afd..2efbeb7 100755 (executable)
@@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $input,
         type            => "intranet",
         authnotrequired => 0,
-        flagsrequired   => { acquisition => 'suggestions_manage' },
+        flagsrequired   => { suggestions => 'suggestions_manage' },
         debug           => 1,
     }
 );
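Review bot: The `flagsrequired` change here and in suggestion/suggestion.pl makes `suggestions => 'suggestions_manage'` the only key that can match, since the subpermission no longer exists under `acquisition`. Any check elsewhere that still asks for `acquisition => 'suggestions_manage'` or `CAN_user_acquisition_suggestions_manage` would presumably stop matching after the upgrade; this commit touches two scripts and five templates, so a tree-wide search for the old key would confirm nothing was missed. A one-line comment above the hash, such as `# suggestions_manage lives under the 'suggestions' flag since Bug 22868`, would help readers who remember the old location. The get_template_and_user call starts outside the hunk.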
index 6b655f8..6a93e7a 100755 (executable)
@@ -112,7 +112,7 @@ my ( $template, $borrowernumber, $cookie, $userflags ) = get_template_and_user(
             template_name   => "suggestion/suggestion.tt",
             query           => $input,
             type            => "intranet",
-            flagsrequired   => { acquisition => 'suggestions_manage' },
+            flagsrequired   => { suggestions => 'suggestions_manage' },
         }
     );