Bug 22868: Move suggestions_manage subperm out of acquisition perm
commitf0c60dfe6f53ef32b2046fdfd1e0732e1d89dd95
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 14 Jan 2020 09:02:11 +0000 (14 10:02 +0100)
committerLucas Gass <lucas@bywatersolutions.com>
Fri, 14 Feb 2020 20:19:59 +0000 (14 20:19 +0000)
tree8f2ed6666d254804b2f5bc70cb8f4fc7aba9b446
parent00047809c65dc06ca0a59e85c63d63229d3bee14
Bug 22868: Move suggestions_manage subperm out of acquisition perm

Bug 11911 replaced the permission of suggestions.pl (create a purchase
suggestion) from catalogue => 1 to acquisition => 'suggestions_manage'.
However we have a lot of acquisition scripts that have lax permissions
(acquisition => '*' which means any sub permissions of acquisition is
enough).

That causes problem when a circulation staff can create purchase
suggestions but not access acquisition information.

One solution is to move the suggestions_manage subpermission out of the
acquisition permission and create a new suggestion permission.

Test plan:
0. Setup
* Create a patron with several permission (and full acquisition
permission)
* Create another patron with several permission, and suggestions_manage
permission
* Create another patron without the suggestions_manage permission
1. Apply the patch and execute the update database entry
2. Note that the third patron you create still does not have
suggestions_manage
3. Confirm that you can create a purchase suggestion if you have
suggestions_manage, but cannot access acquisition pages if you do not
have any subpermissions of the acquisition permission

Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
(cherry picked from commit 462db680242b4a6cbfb82b3469ebec8912e69af3)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
installer/data/mysql/atomicupdate/bug_22868.perl [new file with mode: 0644]
installer/data/mysql/userflags.sql
installer/data/mysql/userpermissions.sql
koha-tmpl/intranet-tmpl/prog/en/includes/acquisitions-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/acqui-home.tt
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
members/purchase-suggestions.pl
suggestion/suggestion.pl