[Koha-patches] [PATCH] granular permissions - created DB tables
Galen Charlton
galen.charlton at liblime.com
Thu Apr 10 18:37:42 CEST 2008
First big commit in a project to add more granular
staff user permissions to Koha.
* Created two new database tables
permissions:
stores a list of defined permissions; each
permission is to be interpreted as a child
of a top-level permission defined in the
existing user flags. For example, Tools (bit 13)
now has a separate sub-permission for each
individual tool.
The columns are
module_bit = FK referencing userflags.bit
code = code, e.g., import_patrons
description = e.g., "Import patron data"
user_permissions:
stores a list of the specific permissions that
a staff user actually has. For example, if
staff user 123 has only the 'import_patrons' subpermission
of 'Tools' (module_bit = 13), that would be represented
by having (123, 13, 'import_patrons' in user_permissions.
user_permissions and borrowers.flags are now interpreted
as follows (assuming the CheckSpecificUserPermissions syspref
is ON):
* If the appropriate bit (e.g., bit 13 for Tools) is set
in borrowers.flags, the staff user can access all
Tools functions. There should be no rows in user_permissions
for that staff user and userflag bit combination.
* If the bit is not set in borrowers.flags, but one or
more rows are present in user_permissions for that
staff user and bit combination, the staff user can
access the specified sub-functions.
* If the bit is not set in borrower.flags and there are
no rows in user_permissions for that staff user and
bit combination, the user cannot access any of the functions.
Note that this means that if a staff user can access all
functions for a module (because the bit is set in borrowers.flags),
the user will automatically be able access any new subfunctions
added to permissions by a database update.
The columns are:
borrowernumber = FK referencing borrowers.borrowernumber
module_bit, code = FK referencing permissions
* Added a new system preference, CheckSpecificUserPermissions
If this system preference is ON, staff users can be assigned
specific permissions which will be respected during
authorization checks. If this system preference is OFF, the
current userflags semantics will continue to apply.
* Defined sub-permissions for Tools. The list of specific
tools permissions is now:
edit_news Write news for the OPAC and staff interfaces
label_creator Create printable labels and barcodes from catalog and patron data
edit_calendar Define days when the library is closed
moderate_comments Moderate patron comments
edit_notices Define notices
edit_notice_status_triggers Set notice/status triggers for overdue items
view_system_logs Browse the system logs
inventory Perform inventory (stocktaking) of your catalogue
stage_marc_import Stage MARC records into the reservoir
manage_staged_marc Manage staged MARC records, including completing and reversing imports
export_catalog Export bibliographic and holdings data
import_patrons Import patron data
delete_anonymize_patrons Delete old borrowers and anonymize circulation history (deletes borrower reading history)
batch_upload_patron_images Upload patron images in batch or one at a time
schedule_tasks Schedule tasks to run
---
admin/systempreferences.pl | 1 +
installer/data/mysql/en/mandatory/sysprefs.sql | 2 +
.../data/mysql/en/mandatory/userpermissions.sql | 17 ++++++++
.../data/mysql/en/mandatory/userpermissions.txt | 1 +
.../1-Obligatoire/unimarc_standard_systemprefs.sql | 1 +
.../mysql/fr-FR/1-Obligatoire/userpermissions.sql | 17 ++++++++
.../mysql/fr-FR/1-Obligatoire/userpermissions.txt | 1 +
installer/data/mysql/kohastructure.sql | 21 +++++++++
installer/data/mysql/updatedatabase.pl | 44 ++++++++++++++++++++
kohaversion.pl | 2 +-
10 files changed, 106 insertions(+), 1 deletions(-)
create mode 100644 installer/data/mysql/en/mandatory/userpermissions.sql
create mode 100644 installer/data/mysql/en/mandatory/userpermissions.txt
create mode 100644 installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql
create mode 100644 installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.txt
diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl
index 37a30cf..84d134b 100755
--- a/admin/systempreferences.pl
+++ b/admin/systempreferences.pl
@@ -82,6 +82,7 @@ my %tabsysprefs;
$tabsysprefs{SessionStorage}="Admin";
$tabsysprefs{noItemTypeImages}="Admin";
$tabsysprefs{OPACBaseURL}="Admin";
+ $tabsysprefs{CheckSpecificUserPermissions}="Admin";
# Authorities
$tabsysprefs{authoritysep}="Authorities";
diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql
index 633f5f3..b7642ea 100644
--- a/installer/data/mysql/en/mandatory/sysprefs.sql
+++ b/installer/data/mysql/en/mandatory/sysprefs.sql
@@ -181,3 +181,5 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OAI-PMH:Subset','itemtype=\'BOOK\'','Restrict answer to matching raws of the biblioitems table (experimental)',NULL,'Free');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Allow OPAC users to place hold on specific items. If OFF, users can only request next available copy.','','YesNo');
+
+INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CheckSpecificUserPermissions','0','Check most specific staff user permissions',NULL,'YesNo');
diff --git a/installer/data/mysql/en/mandatory/userpermissions.sql b/installer/data/mysql/en/mandatory/userpermissions.sql
new file mode 100644
index 0000000..8f7e1c3
--- /dev/null
+++ b/installer/data/mysql/en/mandatory/userpermissions.sql
@@ -0,0 +1,17 @@
+INSERT INTO permissions (module_bit, code, description) VALUES
+ (13, 'edit_news', 'Write news for the OPAC and staff interfaces'),
+ (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'),
+ (13, 'edit_calendar', 'Define days when the library is closed'),
+ (13, 'moderate_comments', 'Moderate patron comments'),
+ (13, 'edit_notices', 'Define notices'),
+ (13, 'edit_notice_status_triggers', 'Set notice/status triggers for overdue items'),
+ (13, 'view_system_logs', 'Browse the system logs'),
+ (13, 'inventory', 'Perform inventory (stocktaking) of your catalogue'),
+ (13, 'stage_marc_import', 'Stage MARC records into the reservoir'),
+ (13, 'manage_staged_marc', 'Managed staged MARC records, including completing and reversing imports'),
+ (13, 'export_catalog', 'Export bibliographic and holdings data'),
+ (13, 'import_patrons', 'Import patron data'),
+ (13, 'delete_anonymize_patrons', 'Delete old borrowers and anonymize circulation history (deletes borrower reading history)'),
+ (13, 'batch_upload_patron_images', 'Upload patron images in batch or one at a time'),
+ (13, 'schedule_tasks', 'Schedule tasks to run')
+;
diff --git a/installer/data/mysql/en/mandatory/userpermissions.txt b/installer/data/mysql/en/mandatory/userpermissions.txt
new file mode 100644
index 0000000..59b7ce1
--- /dev/null
+++ b/installer/data/mysql/en/mandatory/userpermissions.txt
@@ -0,0 +1 @@
+Detailed staff user permissions
diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
index 5d21fa2..647c9a5 100644
--- a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
+++ b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
@@ -183,3 +183,4 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CircControl',"ItemHomeLibrary",'Précise la bibliothèque qui contrôle les règles de prêt et d''amende',"PickupLibrary|PatronLibrary|ItemHomeLibrary",'Choice');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OPACItemHolds','1','Si activé, les adhérents peuvent placer des réservations sur un exemplaire spécifique. Sinon, il ne peuvent que réserver le prochain disponible.','','YesNo');
+INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CheckSpecificUserPermissions','0','Check most specific staff user permissions',NULL,'YesNo');
diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql
new file mode 100644
index 0000000..8f7e1c3
--- /dev/null
+++ b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.sql
@@ -0,0 +1,17 @@
+INSERT INTO permissions (module_bit, code, description) VALUES
+ (13, 'edit_news', 'Write news for the OPAC and staff interfaces'),
+ (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'),
+ (13, 'edit_calendar', 'Define days when the library is closed'),
+ (13, 'moderate_comments', 'Moderate patron comments'),
+ (13, 'edit_notices', 'Define notices'),
+ (13, 'edit_notice_status_triggers', 'Set notice/status triggers for overdue items'),
+ (13, 'view_system_logs', 'Browse the system logs'),
+ (13, 'inventory', 'Perform inventory (stocktaking) of your catalogue'),
+ (13, 'stage_marc_import', 'Stage MARC records into the reservoir'),
+ (13, 'manage_staged_marc', 'Managed staged MARC records, including completing and reversing imports'),
+ (13, 'export_catalog', 'Export bibliographic and holdings data'),
+ (13, 'import_patrons', 'Import patron data'),
+ (13, 'delete_anonymize_patrons', 'Delete old borrowers and anonymize circulation history (deletes borrower reading history)'),
+ (13, 'batch_upload_patron_images', 'Upload patron images in batch or one at a time'),
+ (13, 'schedule_tasks', 'Schedule tasks to run')
+;
diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.txt b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.txt
new file mode 100644
index 0000000..59b7ce1
--- /dev/null
+++ b/installer/data/mysql/fr-FR/1-Obligatoire/userpermissions.txt
@@ -0,0 +1 @@
+Detailed staff user permissions
diff --git a/installer/data/mysql/kohastructure.sql b/installer/data/mysql/kohastructure.sql
index 834bb1f..2b18bb9 100644
--- a/installer/data/mysql/kohastructure.sql
+++ b/installer/data/mysql/kohastructure.sql
@@ -2011,6 +2011,16 @@ CREATE TABLE language_script_mapping (
KEY `language_subtag` (`language_subtag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+DROP TABLE IF EXISTS `permissions`;
+CREATE TABLE `permissions` (
+ `module_bit` int(11) NOT NULL DEFAULT 0,
+ `code` varchar(30) DEFAULT NULL,
+ `description` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`module_bit`, `code`),
+ CONSTRAINT `permissions_ibfk_1` FOREIGN KEY (`module_bit`) REFERENCES `userflags` (`bit`)
+ ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
DROP TABLE IF EXISTS serialitems;
CREATE TABLE serialitems (
serialid int(11) NOT NULL,
@@ -2018,6 +2028,17 @@ CREATE TABLE serialitems (
UNIQUE KEY `serialididx` (`serialid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+DROP TABLE IF EXISTS `user_permissions`;
+CREATE TABLE `user_permissions` (
+ `borrowernumber` int(11) NOT NULL DEFAULT 0,
+ `module_bit` int(11) NOT NULL DEFAULT 0,
+ `code` varchar(30) DEFAULT NULL,
+ CONSTRAINT `user_permissions_ibfk_1` FOREIGN KEY (`borrowernumber`) REFERENCES `borrowers` (`borrowernumber`)
+ ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `user_permissions_ibfk_2` FOREIGN KEY (`module_bit`, `code`) REFERENCES `permissions` (`module_bit`, `code`)
+ ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index b82d9f1..58e7a45 100755
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@@ -1230,6 +1230,50 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
SetVersion ($DBversion);
}
+$DBversion = "3.00.00.068";
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+ $dbh->do("CREATE TABLE `permissions` (
+ `module_bit` int(11) NOT NULL DEFAULT 0,
+ `code` varchar(30) DEFAULT NULL,
+ `description` varchar(255) DEFAULT NULL,
+ PRIMARY KEY (`module_bit`, `code`),
+ CONSTRAINT `permissions_ibfk_1` FOREIGN KEY (`module_bit`) REFERENCES `userflags` (`bit`)
+ ON DELETE CASCADE ON UPDATE CASCADE
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8");
+ $dbh->do("CREATE TABLE `user_permissions` (
+ `borrowernumber` int(11) NOT NULL DEFAULT 0,
+ `module_bit` int(11) NOT NULL DEFAULT 0,
+ `code` varchar(30) DEFAULT NULL,
+ CONSTRAINT `user_permissions_ibfk_1` FOREIGN KEY (`borrowernumber`) REFERENCES `borrowers` (`borrowernumber`)
+ ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `user_permissions_ibfk_2` FOREIGN KEY (`module_bit`, `code`)
+ REFERENCES `permissions` (`module_bit`, `code`)
+ ON DELETE CASCADE ON UPDATE CASCADE
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8");
+
+ $dbh->do("INSERT INTO permissions (module_bit, code, description) VALUES
+ (13, 'edit_news', 'Write news for the OPAC and staff interfaces'),
+ (13, 'label_creator', 'Create printable labels and barcodes from catalog and patron data'),
+ (13, 'edit_calendar', 'Define days when the library is closed'),
+ (13, 'moderate_comments', 'Moderate patron comments'),
+ (13, 'edit_notices', 'Define notices'),
+ (13, 'edit_notice_status_triggers', 'Set notice/status triggers for overdue items'),
+ (13, 'view_system_logs', 'Browse the system logs'),
+ (13, 'inventory', 'Perform inventory (stocktaking) of your catalogue'),
+ (13, 'stage_marc_import', 'Stage MARC records into the reservoir'),
+ (13, 'manage_staged_marc', 'Managed staged MARC records, including completing and reversing imports'),
+ (13, 'export_catalog', 'Export bibliographic and holdings data'),
+ (13, 'import_patrons', 'Import patron data'),
+ (13, 'delete_anonymize_patrons', 'Delete old borrowers and anonymize circulation history (deletes borrower reading history)'),
+ (13, 'batch_upload_patron_images', 'Upload patron images in batch or one at a time'),
+ (13, 'schedule_tasks', 'Schedule tasks to run')");
+
+ $dbh->do("INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CheckSpecificUserPermissions','0','Check most specific staff user permissions',NULL,'YesNo')");
+
+ print "Upgrade to $DBversion done (adding permissions and user_permissions tables and CheckSpecificUserPermissions syspref) ";
+ SetVersion ($DBversion);
+}
+
=item DropAllForeignKeys($table)
Drop all foreign keys of the table $table
diff --git a/kohaversion.pl b/kohaversion.pl
index b41e3ad..6a67751 100644
--- a/kohaversion.pl
+++ b/kohaversion.pl
@@ -10,7 +10,7 @@
use strict;
sub kohaversion {
- our $VERSION = "3.00.00.067";
+ our $VERSION = "3.00.00.068";
# version needs to be set this way
# so that it can be picked up by Makefile.PL
# during install
--
1.5.5.rc0.16.g02b00
More information about the Koha-patches
mailing list