[Bug 27345] New: C4::Auth::get_template_and_user is missing some permissions for superlibrarian
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Bug ID: 27345 Summary: C4::Auth::get_template_and_user is missing some permissions for superlibrarian Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: ASSIGNED Severity: normal Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: jonathan.druart@bugs.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org When a superlibrarian is logged in, C4::Auth::get_template_and_user pass the CAN_user_$flag to the template, but some are missing: suggestions, lists, cash_management So far they are not used in the template but it will avoid a developer to spend time on it if we fix it now. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #1 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 114873 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=114873&action=edit Bug 27345: Add missing global permissions for superlibrarian When a superlibrarian is logged in, C4::Auth::get_template_and_user pass the CAN_user_$flag to the template, but some are missing: suggestions, lists, cash_management So far they are not used in the template but it will avoid a developer to spend time on it if we fix it now. Test plan: Compare with installer/data/mysql/mandatory/userflags.sql Note that we don't need selfcheck -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #2 from David Cook <dcook@prosentient.com.au> --- This could actually be a good opportunity to do some refactoring... If you go to https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=26791&attachment=113660 and click "Auth.pm", you'll see a function called "get_authz_from_flags". That could be further optimized by fetching the permissions from userflags (as you note) to dynamically make sure that the superlibrarian has all the right permissions. By the way, if we refactor it along the lines of what I've done on Bug 26791, we could add unit tests too. Originally I wanted to refactor C4::Auth::get_template_and_user, but I figured there was no hope doing it alone. But if you're interested in proving it, I'm happy to work with you. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #3 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I think maybe the refactor could go onto a separate bug? We will want to keep this small and easy for easy backport with little risk. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #4 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #3)
I think maybe the refactor could go onto a separate bug? We will want to keep this small and easy for easy backport with little risk.
I figured we'd have to test to the same degree in both cases so thought refactoring would be more efficient here but no worries if not. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #5 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- I think we should keep this patch as simple as it is. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #6 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #5)
I think we should keep this patch as simple as it is.
Sure thing -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- My test plan: 1. Go to http://localhost:8081/cgi-bin/koha/mainpage.pl 2. Note that you can see all the modules and options that you can usually see -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #114873|0 |1 is obsolete| | --- Comment #8 from David Cook <dcook@prosentient.com.au> --- Created attachment 114901 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=114901&action=edit Bug 27345: Add missing global permissions for superlibrarian When a superlibrarian is logged in, C4::Auth::get_template_and_user pass the CAN_user_$flag to the template, but some are missing: suggestions, lists, cash_management So far they are not used in the template but it will avoid a developer to spend time on it if we fix it now. Test plan: Compare with installer/data/mysql/mandatory/userflags.sql Note that we don't need selfcheck Signed-off-by: David Cook <dcook@prosentient.com.au> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #114901|0 |1 is obsolete| | --- Comment #9 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 114962 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=114962&action=edit Bug 27345: Add missing global permissions for superlibrarian When a superlibrarian is logged in, C4::Auth::get_template_and_user pass the CAN_user_$flag to the template, but some are missing: suggestions, lists, cash_management So far they are not used in the template but it will avoid a developer to spend time on it if we fix it now. Test plan: Compare with installer/data/mysql/mandatory/userflags.sql Note that we don't need selfcheck Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |21.05.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 --- Comment #10 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 21.05, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m Status|Pushed to master |Pushed to stable Version(s)|21.05.00 |21.05.00,20.11.02 released in| | --- Comment #11 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to 20.11.x for 20.11.02 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to stable |Pushed to oldstable Version(s)|21.05.00,20.11.02 |21.05.00,20.11.02,20.05.08 released in| | CC| |andrew@bywatersolutions.com --- Comment #12 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Pushed to 20.05.x for 20.05.08 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to oldstable |RESOLVED CC| |victor@tuxayo.net Resolution|--- |FIXED --- Comment #13 from Victor Grousset/tuxayo <victor@tuxayo.net> --- Not backported to oldoldstable (19.11.x). Feel free to ask if it's needed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27345 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |caroline.cyr-la-rose@inlibr | |o.com -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org