PT 7749329: Refine periodicals access with granular permissions

Adds permissions to constrain CRUD operations on periodicals and
periodical_serials.

installer/data/mysql/en/mandatory/userpermissions.sql

@@ -69,5 +69,9 @@ INSERT INTO permissions (module_bit, code, description) VALUES
    (13, 'schedule_tasks', 'Schedule tasks to run'),
    (13, 'manage_csv_profiles', 'Manage CSV export profiles'),
    (13, 'receipts_manage', 'Create, Edit & Delete Receipt Templates'), 
-   (13, 'receipts_assign', 'Assign Receipt Templates to Various Actions')
+   (13, 'receipts_assign', 'Assign Receipt Templates to Various Actions'),
+   (15, 'periodical_view', 'Basic periodicals permissions'),
+   (15, 'periodical_create', 'Create a new periodical definition'),
+   (15, 'periodical_edit', 'Modify a periodical definition'),
+   (15, 'periodical_delete', 'Delete a periodical definition')
 ;

installer/data/mysql/updatedatabase.pl

@@ -4433,6 +4433,20 @@
    print "Upgrade to $DBversion done ( Corrected itemtypes.notforhold )\n";
 }
 
+$DBversion = '4.03.15.002';
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+   $dbh->do(q{
+        INSERT INTO permissions (module_bit, code, description) VALUES
+            (15, 'periodical_view', 'Basic periodicals permissions'),
+            (15, 'periodical_create', 'Create a new periodical definition'),
+            (15, 'periodical_edit', 'Modify a periodical definition'),
+            (15, 'periodical_delete', 'Delete a periodical definition')
+      });
+
+   SetVersion ($DBversion);
+   print "Upgrade to $DBversion done ( Add granular permissions for periodicals )\n";
+}
+
 printf "Database schema now up to date at version %s as of %s.\n", $DBversion, scalar localtime;
 
 =item DropAllForeignKeys($table)

koha-tmpl/intranet-tmpl/prog/en/includes/periodicals-toolbar.inc

@@ -36,7 +36,7 @@
 	//]]>
 	</script>
 <ul class="toolbar">
-	<li><a id="new_periodical" href="periodicals-add.pl">New Periodical</a></li>
+	<TMPL_IF NAME="CAN_user_serials_periodical_create"><li><a id="new_periodical" href="periodicals-add.pl">New Periodical</a></li></TMPL_IF>
 
 <!--
     <TMPL_IF NAME="periodical_id">

koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tmpl

@@ -68,13 +68,13 @@
         </TMPL_IF>
         <!-- /TMPL_IF -->
         <li><a href="/cgi-bin/koha/authorities/authorities-home.pl">Authorities</a></li>
-	<!-- TMPL_IF NAME="CAN_user_serials" -->
+	<TMPL_IF NAME="CAN_user_serials">
         <TMPL_IF NAME="UsePeriodicals">
         <li><a href="/cgi-bin/koha/periodicals/periodicals-home.pl">Periodicals</a></li>
         <TMPL_ELSE>
         <li><a href="/cgi-bin/koha/serials/serials-home.pl">Serials</a></li>
         </TMPL_IF>
-	<!-- /TMPL_IF -->
+	</TMPL_IF>
     </ul>
 	<!-- TMPL_IF NAME="CAN_user_acquisition" -->
     <h3><a href="/cgi-bin/koha/acqui/acqui-home.pl">Acquisitions</a></h3>

koha-tmpl/intranet-tmpl/prog/en/modules/periodicals/periodicals-detail.tmpl

@@ -18,11 +18,15 @@
     <h1>Periodical description for &quot;<!-- TMPL_VAR name="bibliotitle" -->&quot;</h1>
 
     <div id="periodical_info">
-        <h2>Periodical Information</h2>
-		<ul>
-		<li><span class="label">Periodical ID: </span><!--TMPL_VAR name="periodical_id"--> (<a href="periodicals-add.pl?periodical_id=<TMPL_VAR NAME="periodical_id">">Edit</a>)(<a href="subscription-add.pl?periodical_id=<TMPL_VAR NAME="periodical_id">">Subscribe</a>)</li>
-        <li><span class="label">Biblio:</span> <i>(<!-- TMPL_VAR name="biblionumber" -->)</i> <a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<!-- TMPL_VAR name="biblionumber" -->"><!-- TMPL_VAR name="bibliotitle" --></a></li>
-     </ul>
+      <h2>Periodical Information</h2>
+      <ul>
+        <li>
+          <span class="label">Periodical ID: </span><TMPL_VAR name="periodical_id">
+            <TMPL_IF NAME="CAN_user_serials_periodical_edit">(<a href="periodicals-add.pl?periodical_id=<TMPL_VAR NAME="periodical_id">">Edit</a>)</TMPL_IF>
+            (<a href="subscription-add.pl?periodical_id=<TMPL_VAR NAME="periodical_id">">Subscribe</a>)
+        </li>
+        <li><span class="label">Biblio:</span> <i>(<TMPL_VAR name="biblionumber">)</i> <a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=<TMPL_VAR name="biblionumber">"><TMPL_VAR name="bibliotitle"></a></li>
+      </ul>
     </div>
     <div id="sequence_numbering" >
         <h3>Sequence Prediction</h3>
@@ -51,15 +55,17 @@
             <td><TMPL_VAR NAME="expected"></td>
             <td><TMPL_VAR NAME="arrived"></td>
             <td>
-              <a href="periodical_serial-edit.pl?periodical_serial_id=<TMPL_VAR NAME="id">">Edit</a> |
-              <a href="delete.pl?type=periodical_serial&id=<TMPL_VAR NAME="id">">Delete</a>
-              <TMPL_IF NAME="__last__">| <a href="periodical_serial-edit.pl?periodical_serial_id=<TMPL_VAR NAME="id">&op=combine">Combine</a></TMPL_IF>
+              <TMPL_IF NAME="CAN_user_serials_periodical_edit">(<a href="periodical_serial-edit.pl?periodical_serial_id=<TMPL_VAR NAME="id">">Edit</a>)</TMPL_IF>
+              <TMPL_IF NAME="CAN_user_serials_periodical_delete">(<a href="delete.pl?type=periodical_serial&id=<TMPL_VAR NAME="id">">Delete</a>)</TMPL_IF>
+              <TMPL_IF EXPR="__last__ && CAN_user_serials_periodical_edit">(<a href="periodical_serial-edit.pl?periodical_serial_id=<TMPL_VAR NAME="id">&op=combine">Combine</a>)</TMPL_IF>
             </td>
         </tr>
         </TMPL_LOOP>
+        <TMPL_IF NAME="CAN_user_serials_periodical_create">
         <tr>
-            <td colspan="4"><a href="periodicals-detail.pl?periodical_id=<TMPL_VAR NAME="periodical_id">&op=gen_next_seq">Generate Next Issue Record</a></td>
+          <td colspan="4"><a href="periodicals-detail.pl?periodical_id=<TMPL_VAR NAME="periodical_id">&op=gen_next_seq">Generate Next Issue Record</a></td>
         </tr>
+        </TMPL_IF>
     </table>
     </div>
 

koha-tmpl/intranet-tmpl/prog/en/modules/periodicals/periodicals-home.tmpl

@@ -31,8 +31,8 @@
           <td><a href="periodicals-detail.pl?periodical_id=<TMPL_VAR NAME="id">"><TMPL_VAR NAME="bibliotitle"></a></td>
           <td><TMPL_VAR NAME="subscription_count"></td>
           <td>
-            <a href="periodicals-add.pl?periodical_id=<TMPL_VAR NAME="id">">Edit</a> |
-            <a href="delete.pl?type=periodical&id=<TMPL_VAR NAME="id">">Delete</a>
+            <TMPL_IF NAME="CAN_user_serials_periodical_edit">(<a href="periodicals-add.pl?periodical_id=<TMPL_VAR NAME="id">">Edit</a>)</TMPL_IF>
+            <TMPL_IF NAME="CAN_user_serials_periodical_delete">(<a href="delete.pl?type=periodical&id=<TMPL_VAR NAME="id">">Delete</a>)</TMPL_IF>
           </td>
         </tr>   
     </TMPL_LOOP>

periodicals/delete.pl

@@ -15,7 +15,7 @@
                            query => $query,
                            type => "intranet",
                            authnotrequired => 0,
-                           flagsrequired => {serials => 1},
+                           flagsrequired => {serials => 'periodical_delete'},
                            debug => 1,
                           });
 

periodicals/periodical-bib-search.pl

@@ -111,8 +111,7 @@ =head1 PARAMETERS
                 query => $input,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {serials => 1},
-                flagsrequired => {catalogue => 1},
+                flagsrequired => {catalogue => 1, serials => '*'},
                 debug => 1,
                 });
 
@@ -173,7 +172,7 @@ =head1 PARAMETERS
                 query => $input,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {catalogue => 1, serials=>1},
+                flagsrequired => {catalogue => 1, serials => '*'},
                 debug => 1,
                 });
     # load the itemtypes
@@ -199,7 +198,7 @@ =head1 PARAMETERS
                 query => $input,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {catalogue => 1, serials=>1},
+                flagsrequired => {catalogue => 1, serials => '*'},
                 debug => 1,
                 });
     # load the itemtypes

periodicals/periodicals-add.pl

@@ -33,11 +33,16 @@
                 query => $query,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {serials => 1},
+                flagsrequired => {serials => '*'},
                 debug => 1,
                 });
 
-$periodical_id = C4::Control::Periodical::UpdateOrCreate($query) if ($op eq 'save');
+if ($op eq 'save' && (
+        (C4::Auth::haspermission(C4::Context->userenv->{id}, {serials => 'periodical_edit'}) && defined $periodical_id)
+        || (C4::Auth::haspermission(C4::Context->userenv->{id}, {serials => 'periodical_create'}) && ! defined $periodical_id)
+    )) {
+    $periodical_id = C4::Control::Periodical::UpdateOrCreate($query);
+}
 
 SeedTemplateWithPeriodicalData($template, $periodical_id) if $periodical_id;
 SeedTemplateWithGeneralData($template);

periodicals/periodicals-detail.pl

@@ -33,7 +33,7 @@
                 query => $query,
                 type => "intranet",
                 authnotrequired => 0,
-                flagsrequired => {serials => 1},
+                flagsrequired => {serials => '*'},
                 debug => 1,
                 });
 

periodicals/periodicals-home.pl

@@ -33,7 +33,7 @@
         query           => $query,
         type            => "intranet",
         authnotrequired => 1,
-        flagsrequired   => { serials => 1 },
+        flagsrequired   => { serials => '*' },
         debug           => 1,
     }
 );