[Koha-patches] [PATCH] BZ6072: fixing permission inconsistencies MT5306 In large libraries, some librarian may have permission only to recieve shipments This patch fixes some permission : * booksellers page = accessible to anyone that has at least 1 acq permission * parcels = accessible to anyone with order_recieve * supplier detail = accessible to anyone that has at least 1 acq permission, but modifying accessible only if vendor_manage
paul.poulain at biblibre.com
paul.poulain at biblibre.com
Tue Apr 5 17:56:30 CEST 2011
From: Paul Poulain <paul.poulain at biblibre.com>
---
acqui/booksellers.pl | 2 +-
acqui/parcels.pl | 2 +-
acqui/supplier.pl | 2 +-
.../prog/en/includes/acquisitions-toolbar.inc | 22 +++++++++++--------
4 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl
index 88dbaa9..cc5c084 100755
--- a/acqui/booksellers.pl
+++ b/acqui/booksellers.pl
@@ -66,7 +66,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
query => $query,
type => 'intranet',
authnotrequired => 0,
- flagsrequired => { acquisition => 'vendors_manage' },
+ flagsrequired => { acquisition => '*' },
debug => 1,
}
);
diff --git a/acqui/parcels.pl b/acqui/parcels.pl
index 1e8d44e..915b1e8 100755
--- a/acqui/parcels.pl
+++ b/acqui/parcels.pl
@@ -91,7 +91,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
query => $input,
type => 'intranet',
authnotrequired => 0,
- flagsrequired => { acquisition => 1 },
+ flagsrequired => { acquisition => 'order_receive' },
debug => 1,
}
);
diff --git a/acqui/supplier.pl b/acqui/supplier.pl
index 52d940c..2a4078a 100755
--- a/acqui/supplier.pl
+++ b/acqui/supplier.pl
@@ -64,7 +64,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
query => $query,
type => 'intranet',
authnotrequired => 0,
- flagsrequired => { acquisition => 'vendors_manage' },
+ flagsrequired => { acquisition => '*' },
debug => 1,
}
);
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc
index 9f7a8e5..a11417a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-toolbar.inc
@@ -21,9 +21,11 @@
new YAHOO.widget.Button("editcontracts");
var manageorders = [
- { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&op=add_form"},
- { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid=<!--TMPL_VAR Name="id"-->"},
- { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->"},
+ <!-- TMPL_IF name="CAN_user_acquisition_order_manage" -->
+ { text: _("New basket"), url: "/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&op=add_form"},
+ { text: _("Baskets"), url: "/cgi-bin/koha/acqui/booksellers.pl?supplierid=<!--TMPL_VAR Name="id"-->"},
+ { text: _("Basket groups"), url: "/cgi-bin/koha/acqui/basketgroup.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->"},
+ <!-- /TMPL_IF -->
{ text: _("Receive shipments"), url: "/cgi-bin/koha/acqui/parcels.pl?supplierid=<!--TMPL_VAR Name="id"-->" },
<!-- TMPL_IF name="basketno" -->
{ text: _("Uncertain prices"), url: "/cgi-bin/koha/acqui/uncertainprice.pl?booksellerid=<!-- TMPL_VAR NAME="id" -->&basketno=<!--TMPL_VAR name="basketno" -->&owner=1"}
@@ -42,12 +44,14 @@
</script>
<ul id="toolbar-list" class="toolbar">
<!-- TMPL_IF NAME="id" -->
- <li><a id="editsupplier" href="/cgi-bin/koha/acqui/supplier.pl?supplierid=<!--TMPL_VAR Name="id"-->&op=enter">Edit</a></li>
- <li><a id="newcontract" href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&booksellerid=<!-- TMPL_VAR name="id" -->">New Contract</a></li>
- <li><a id="editcontracts" href="/cgi-bin/koha/admin/aqcontract.pl?booksellerid=<!-- TMPL_VAR name="id" -->">Contracts</a></li>
- <!-- TMPL_UNLESS NAME="basketcount" -->
- <li><a id="newbasket" href="/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR name="id" -->&op=add_form">New Basket</a></li>
- <!-- /TMPL_UNLESS -->
+ <!-- TMPL_IF name="CAN_user_acquisition_vendors_manage" -->
+ <li><a id="editsupplier" href="/cgi-bin/koha/acqui/supplier.pl?supplierid=<!--TMPL_VAR Name="id"-->&op=enter">Edit</a></li>
+ <li><a id="newcontract" href="/cgi-bin/koha/admin/aqcontract.pl?op=add_form&booksellerid=<!-- TMPL_VAR name="id" -->">New Contract</a></li>
+ <li><a id="editcontracts" href="/cgi-bin/koha/admin/aqcontract.pl?booksellerid=<!-- TMPL_VAR name="id" -->">Contracts</a></li>
+ <!-- TMPL_UNLESS NAME="basketcount" -->
+ <li><a id="newbasket" href="/cgi-bin/koha/acqui/basketheader.pl?booksellerid=<!-- TMPL_VAR name="id" -->&op=add_form">New Basket</a></li>
+ <!-- /TMPL_UNLESS -->
+ <!-- /TMPL_IF -->
<!-- TMPL_ELSE -->
<li><a id="newbudget" href="/cgi-bin/koha/acqui/supplier.pl?op=enter">New Vendor</a></li>
<!-- /TMPL_IF -->
--
1.7.1
More information about the Koha-patches
mailing list