[Bug 10888] New: Don't hide authorities module from users without permission to edit authorities
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Bug ID: 10888 Summary: Don't hide authorities module from users without permission to edit authorities Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: ASSIGNED Severity: normal Priority: P5 - low Component: Templates Assignee: oleonard@myacpl.org Reporter: oleonard@myacpl.org QA Contact: testopia@bugs.koha-community.org Right now we hide the authorities module from users who do not have permission to edit authorities. I don't see any reason why we couldn't make authority searching available in the staff client (as it can be in the OPAC) and hide edit/delete controls from users without permission. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 --- Comment #1 from Owen Leonard <oleonard@myacpl.org> --- Created attachment 21098 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21098&action=edit Bug 10888 - Don't hide authorities module from users without permission to edit authorities It should be possible for staff client users to search and view authority records even if they don't have permission to edit them. To test, apply the patch and view the staff client as a user with and without "editauthorities" permission. With "editauthorities" permission, authority search results should show both an edit and delete link. Viewing the details of an authority record, one should see a toolbar with edit/delete/new options. The detail view has been altered to use the term "record" in place of "biblio" ("Used in X record(s)). Without "editauthorities" permission, authority search results should show no edit or delete link. Viewing the details of an authority, the only option shown in the toolbar should be "Save." On the staff client home page and in the header's "More" menu the link to the authorities module should now appear with and without permission to edit authorities. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chris@bigballofwax.co.nz --- Comment #2 from Owen Leonard <oleonard@myacpl.org> --- *** Bug 5916 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |magnus@enger.priv.no --- Comment #3 from Owen Leonard <oleonard@myacpl.org> --- *** Bug 9086 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Paola Rossi <paola.rossi@cineca.it> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |In Discussion CC| |paola.rossi@cineca.it --- Comment #4 from Paola Rossi <paola.rossi@cineca.it> --- I installed the patch. It works fine with the "editauthorities" permission. Without the "editauthorities" permission, the search works well, while the save option doesn't work and sends the session in "you're not permitted" webpage. The save option sends you to this link: /cgi-bin/koha/authorities/export.pl?format=mads&op=export&authid=1 The cgi export.pl, under "authorities", is affected by "editauthorities" permission. So I can't sign off. In my opinion the patch is not complete; we have two options in the case of no "editauthorities" permission: 1) authority search results should show no edit or delete link or save link; 2) a new specific permission is required, to search and to save too. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Discussion |Failed QA --- Comment #5 from Owen Leonard <oleonard@myacpl.org> --- Thanks Paola, you're right that this needs more work. Setting this to "in discussion" is too polite. It should be "Failed QA." -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21098|0 |1 is obsolete| | --- Comment #6 from Owen Leonard <oleonard@myacpl.org> --- Created attachment 21124 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21124&action=edit Bug 10888 - Don't hide authorities module from users without permission to edit authorities It should be possible for staff client users to search and view authority records even if they don't have permission to edit them. To test, apply the patch and view the staff client as a user with and without "editauthorities" permission. With "editauthorities" permission, authority search results should show both an edit and delete link. Viewing the details of an authority record, one should see a toolbar with edit/delete/new options. The detail view has been altered to use the term "record" in place of "biblio" ("Used in X record(s)). Without "editauthorities" permission, authority search results should show no edit or delete link. Viewing the details of an authority, the only option shown in the toolbar should be "Save." On the staff client home page and in the header's "More" menu the link to the authorities module should now appear with and without permission to edit authorities. Revision: Corrected permissions in export script to allow saving of authority records by users who do not have permission to edit. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Paola Rossi <paola.rossi@cineca.it> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #7 from Paola Rossi <paola.rossi@cineca.it> --- I can't sign off the patch. With permission to edit authorities, all the options but "Edit" work fine. So, in the cgi searchresultlist.tt, I changed the line 89 from: <a href="/cgi-bin/koha/authorities/authorities.pl?authid=[% authid %]">Edit</a> to: <a href="/cgi-bin/koha/authorities/authorities.pl?authid=[% resul.authid %]">Edit</a> Then, with permission to edit authorities, all the options work fine. Without permission to edit authorities, the option "save" works fine. But the option "duplicate" is presented too. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21124|0 |1 is obsolete| | --- Comment #8 from Owen Leonard <oleonard@myacpl.org> --- Created attachment 21142 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21142&action=edit Bug 10888 - Don't hide authorities module from users without permission to edit authorities It should be possible for staff client users to search and view authority records even if they don't have permission to edit them. To test, apply the patch and view the staff client as a user with and without "editauthorities" permission. With "editauthorities" permission, authority search results should show both an edit and delete link. Viewing the details of an authority record, one should see a toolbar with edit/delete/new options. The detail view has been altered to use the term "record" in place of "biblio" ("Used in X record(s)). Without "editauthorities" permission, authority search results should show no edit or delete link. Viewing the details of an authority, the only option shown in the toolbar should be "Save." On the staff client home page and in the header's "More" menu the link to the authorities module should now appear with and without permission to edit authorities. Revision: Corrected permissions in export script to allow saving of authority records by users who do not have permission to edit. Revision: Corrected incorrect merge with 10600 (duplicate authority) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21142|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 --- Comment #9 from Owen Leonard <oleonard@myacpl.org> --- Created attachment 21143 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21143&action=edit Bug 10888 - Don't hide authorities module from users without permission to edit authorities It should be possible for staff client users to search and view authority records even if they don't have permission to edit them. To test, apply the patch and view the staff client as a user with and without "editauthorities" permission. With "editauthorities" permission, authority search results should show both an edit and delete link. Viewing the details of an authority record, one should see a toolbar with edit/delete/new options. The detail view has been altered to use the term "record" in place of "biblio" ("Used in X record(s)). Without "editauthorities" permission, authority search results should show no edit or delete link. Viewing the details of an authority, the only option shown in the toolbar should be "Save." On the staff client home page and in the header's "More" menu the link to the authorities module should now appear with and without permission to edit authorities. Revision: Corrected permissions in export script to allow saving of authority records by users who do not have permission to edit. Revision: Corrected incorrect merge with 10600 (duplicate authority) -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Paola Rossi <paola.rossi@cineca.it> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off Assignee|oleonard@myacpl.org |paola.rossi@cineca.it --- Comment #10 from Paola Rossi <paola.rossi@cineca.it> --- Created attachment 21226 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21226&action=edit Bug 10888 Don t hide authorities module from users without permission to edit authorities -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 --- Comment #11 from Paola Rossi <paola.rossi@cineca.it> --- I signed off the patch -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Jonathan Druart <jonathan.druart@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA CC| |jonathan.druart@biblibre.co | |m QA Contact|testopia@bugs.koha-communit |jonathan.druart@biblibre.co |y.org |m --- Comment #12 from Jonathan Druart <jonathan.druart@biblibre.com> --- QA comment: Looks consistent to me. I don't think a new permission for searching authorities is relevant. Marked as Passed QA. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 --- Comment #13 from Jonathan Druart <jonathan.druart@biblibre.com> --- Created attachment 21229 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=21229&action=edit Bug 10888 - Don't hide authorities module from users without permission to edit authorities It should be possible for staff client users to search and view authority records even if they don't have permission to edit them. To test, apply the patch and view the staff client as a user with and without "editauthorities" permission. With "editauthorities" permission, authority search results should show both an edit and delete link. Viewing the details of an authority record, one should see a toolbar with edit/delete/new options. The detail view has been altered to use the term "record" in place of "biblio" ("Used in X record(s)). Without "editauthorities" permission, authority search results should show no edit or delete link. Viewing the details of an authority, the only option shown in the toolbar should be "Save." On the staff client home page and in the header's "More" menu the link to the authorities module should now appear with and without permission to edit authorities. Revision: Corrected permissions in export script to allow saving of authority records by users who do not have permission to edit. Revision: Corrected incorrect merge with 10600 (duplicate authority) Signed-off-by: Paola Rossi <paola.rossi@cineca.it> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gmcharlt@gmail.com --- Comment #14 from Galen Charlton <gmcharlt@gmail.com> --- General reminder -- when signing off, please remember to mark 'obsolete' older versions of the patch when attaching the version with your signoff. -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21143|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #21226|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Galen Charlton <gmcharlt@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #15 from Galen Charlton <gmcharlt@gmail.com> --- Pushed to master. Thanks, Owen! -- You are receiving this mail because: You are watching all bug changes.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10888 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |Pushed to Stable CC| |tomascohen@gmail.com --- Comment #16 from Tomás Cohen Arazi <tomascohen@gmail.com> --- This patch has been pushed to 3.12.x, will be in 3.12.7. Thanks Owen! -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org