Introduce a new syspref, AcqViewBaskets, to configure which baskets a user is
allowed to view. Possible values are:
-- user: View only the same user's baskets (as before)
-- branch: View all baskets issued at the user's branch
-- all: View all baskets.

However, this is just a stub as long as one can just append ?basketno=<nnn>
to any of the relevant URLs to access any basket whatsoever.

Introducing the new syspref requires a database modification along the lines of
INSERT INTO `systempreferences` (variable,value,options,explanation,type) 
VALUES ('AcqViewBaskets','user','user|branch|all','Define which baskets a user 
is allowed to view: his own only, any within his branch or all','Choice');
I don't feel comfortable enough with the database-updating automagic to handle
this.

See also Bug 6390.
---
 acqui/booksellers.pl                               |   24 +++++++++++++------
 admin/systempreferences.pl                         |    1 +
 .../en/modules/admin/preferences/acquisitions.pref |    7 +++++
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/acqui/booksellers.pl b/acqui/booksellers.pl
index cc5c084..2a7bb47 100755
--- a/acqui/booksellers.pl
+++ b/acqui/booksellers.pl
@@ -59,6 +59,7 @@ use CGI;
 use C4::Dates qw/format_date/;
 use C4::Bookseller qw/ GetBookSellerFromId GetBookSeller /;
 use C4::Members qw/GetMember/;
+use C4::Context;
 
 my $query = CGI->new;
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
@@ -90,23 +91,30 @@ if ( $supplier_count == 1 ) {
     );
 }
 
-my $uid;
-if ($loggedinuser) {
-    $uid = GetMember( borrowernumber => $loggedinuser )->{userid};
-}
+my $userenv = C4::Context::userenv;
+my $viewbaskets = C4::Context->preference('AcqViewBaskets');
+
+#my $uid = $userenv->{id};
+# $loggedinuser == $userenv->{number}
+my $userbranch = $userenv->{branch};
 
 #build result page
 my $loop_suppliers = [];
 
+my %branchcache;
+
 for my $vendor (@suppliers) {
     my $baskets = get_vendors_baskets( $vendor->{id} );
 
     my $loop_basket = [];
     for my $basket ( @{$baskets} ) {
-        if ((      $basket->{authorisedby}
-                && $basket->{authorisedby} eq $loggedinuser
-            )
-            || haspermission( $uid, { flagsrequired => { acquisition => q{*} } 
} )
+        my $authorisedby = $basket->{authorisedby};
+        if ($authorisedby && $authorisedby == $loggedinuser
+            || $viewbaskets eq 'all'
+            || $viewbaskets eq 'branch' && $authorisedby &&
+#              GetMember( borrowernumber => $authorisedby )->{branchcode} eq 
$userbranch
+               ($branchcache{$authorisedby} || ($branchcache{$authorisedby} = 
GetMember( borrowernumber => $authorisedby )->{branchcode})) eq $userbranch
+#           || haspermission( $uid, { acquisition => q{*} } )
           ) {
             for my $date_field (qw( creationdate closedate)) {
                 if ( $basket->{$date_field} ) {
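Review bot: In 'branch' mode the chained `GetMember( borrowernumber => $authorisedby )->{branchcode}` inside the new `if` condition dereferences the return value unchecked, so a basket whose `authorisedby` borrower cannot be found would presumably abort the whole listing instead of just hiding that basket. The `||`-based cache also re-queries whenever the cached branchcode is false, and `$viewbaskets` and `$userbranch` are compared with `eq` while possibly undefined (for example when the syspref row is absent), so the filter only fails closed by accident. I would default the preference explicitly, compute the branch match in a guarded step before the condition, parenthesise the `&&`/`||` groups, and drop the leftover commented-out `haspermission` and `GetMember` lines. The enclosing `for` loops continue past the end of the hunk.

```perl
my $viewbaskets = C4::Context->preference('AcqViewBaskets') || 'user';
# … unchanged: $userenv, $userbranch, $loop_suppliers, %branchcache, outer loops …
        my $authorisedby = $basket->{authorisedby};
        my $same_branch  = 0;
        if ( $viewbaskets eq 'branch' && $authorisedby && defined $userbranch ) {
            if ( !exists $branchcache{$authorisedby} ) {
                my $member = GetMember( borrowernumber => $authorisedby );
                $branchcache{$authorisedby} = $member ? $member->{branchcode} : undef;
            }
            my $owner_branch = $branchcache{$authorisedby};
            $same_branch = defined $owner_branch && $owner_branch eq $userbranch;
        }
        if (   ( $authorisedby && $authorisedby == $loggedinuser )
            || $viewbaskets eq 'all'
            || $same_branch )
        {
            # … unchanged: date formatting for the visible basket …
```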
diff --git a/admin/systempreferences.pl b/admin/systempreferences.pl
index 87ecac4..78d0768 100755
--- a/admin/systempreferences.pl
+++ b/admin/systempreferences.pl
@@ -76,6 +76,7 @@ my %tabsysprefs;
     $tabsysprefs{AcqCreateItem}="Acquisitions";
     $tabsysprefs{OrderPdfFormat}="Acquisitions";
     $tabsysprefs{CurrencyFormat}="Acquisitions";
+    $tabsysprefs{AcqViewBaskets}="Acquisitions";
 
 # Admin
 $tabsysprefs{singleBranchMode}      = "Admin";
diff --git 
a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref 
b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref
index 2a900f0..489a30b 100644
--- 
a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref
+++ 
b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/acquisitions.pref
@@ -9,6 +9,13 @@ Acquisitions:
               receiving: receiving an order.
               cataloguing: cataloging the record.
     -
+        - Allow a user to view baskets created
+        - pref: AcqViewBaskets
+          choices:
+              user: by him only
+              branch: at his branch
+              all: by anyone
+    -
         - Display currencies using the following format 
         - pref: CurrencyFormat
           choices:
-- 
1.7.2.5
