Introduce a new syspref, AcqViewBaskets, to configure which baskets a user is allowed to view. Possible values are: -- user: View only the user's own baskets (as before) -- branch: View all baskets issued at the user's branch -- all: View all baskets.
However, this is just a stub as long as one can just append ?basketno=<nnn> to any of the relevant URLs to access any basket whatsoever. Introducing the new syspref requires a database modification along the lines of INSERT INTO `systempreferences` (variable,value,options,explanation,type) VALUES ('AcqViewBaskets','user','user|branch|all','Define which baskets a user is allowed to view: his own only, any within his branch or all','Choice'); I don't feel comfortable enough with the database updating automagic to handle this. See also Bug 6390. --- acqui/booksellers.pl | 24 +++++++++++++------ admin/systempreferences.pl | 1 + .../en/modules/admin/preferences/acquisitions.pref | 7 +++++ 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl index cc5c084..2a7bb47 100755 --- a/acqui/booksellers.pl +++ b/acqui/booksellers.pl @@ -59,6 +59,7 @@ use CGI; use C4::Dates qw/format_date/; use C4::Bookseller qw/ GetBookSellerFromId GetBookSeller /; use C4::Members qw/GetMember/; +use C4::Context; my $query = CGI->new; my ( $template, $loggedinuser, $cookie ) = get_template_and_user( 
@@ -90,23 +91,30 @@ if ( $supplier_count == 1 ) { ); } -my $uid; -if ($loggedinuser) { - $uid = GetMember( borrowernumber => $loggedinuser )->{userid}; -} +my $userenv = C4::Context::userenv; +my $viewbaskets = C4::Context->preference('AcqViewBaskets'); + +#my $uid = $userenv->{id}; +# $loggedinuser == $userenv->{number} +my $userbranch = $userenv->{branch}; #build result page my $loop_suppliers = []; +my %branchcache; + for my $vendor (@suppliers) { my $baskets = get_vendors_baskets( $vendor->{id} ); my $loop_basket = []; for my $basket ( @{$baskets} ) { - if (( $basket->{authorisedby} - && $basket->{authorisedby} eq $loggedinuser - ) - || haspermission( $uid, { flagsrequired => { acquisition => q{*} } } ) + my $authorisedby = $basket->{authorisedby}; + if ($authorisedby && $authorisedby == $loggedinuser + || $viewbaskets eq 'all' + || $viewbaskets eq 'branch' && $authorisedby && +# GetMember( borrowernumber => $authorisedby )->{branchcode} eq $userbranch + ($branchcache{$authorisedby} || ($branchcache{$authorisedby} = GetMember( borrowernumber => $authorisedby )->{branchcode})) eq $userbranch +# || haspermission( $uid, { acquisition => q{*} } ) ) { for my $date_field (qw( creationdate closedate)) { if ( $basket->{$date_field} ) { diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl index 87ecac4..78d0768 100755 --- a/admin/systempreferences.pl +++ b/admin/systempreferences.pl @@ -76,6 +76,7 @@ my %tabsysprefs; $tabsysprefs{AcqCreateItem}="Acquisitions"; $tabsysprefs{OrderPdfFormat}="Acquisitions"; $tabsysprefs{CurrencyFormat}="Acquisitions"; + $tabsysprefs{AcqViewBaskets}="Acquisitions"; # Admin $tabsysprefs{singleBranchMode} = "Admin"; diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref index 2a900f0..489a30b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref 
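Review bot: The visibility test inside the `for my $basket` loop calls `GetMember( borrowernumber => $authorisedby )->{branchcode}` without checking that a record came back, so in `branch` mode a basket whose `authorisedby` refers to a borrower that no longer exists would presumably die on the dereference and take the whole vendor page down. `$viewbaskets` is compared with `eq` even though the preference may be missing on a database that has not been updated; defaulting it with `my $viewbaskets = C4::Context->preference('AcqViewBaskets') || 'user';` makes the restrictive fallback explicit and avoids undef warnings. The access rule itself is a mixed `&&`/`||` chain that relies on operator precedence and is interleaved with commented-out `GetMember` and `haspermission` lines. Parenthesising each alternative and deleting the dead lines would make it auditable, and it is worth stating in a comment that acquisition permission no longer widens visibility. The loop body continues outside the hunk.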
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref @@ -9,6 +9,13 @@ Acquisitions: receiving: receiving an order. cataloguing: cataloging the record. - + - Allow a user to view baskets created + - pref: AcqViewBaskets + choices: + user: by him only + branch: at his branch + all: by anyone + - - Display currencies using the following format - pref: CurrencyFormat choices: -- 1.7.2.5
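Review bot: The `branch` choice label, `branch: at his branch`, does not match what the check in acqui/booksellers.pl compares. There the basket creator's borrower `branchcode` is tested against the viewer's `$userenv->{branch}`, not against a branch recorded on the basket. An administrator reading this preference would likely assume baskets are scoped by where they were created, so the label should state the actual rule, for example `branch: by staff from the user's own branch`. The `user` label could likewise drop the pronoun, e.g. `user: by that user only`. The enclosing preference list continues outside the hunk.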