https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37392
--- Comment #64 from Nick Clemens (kidclamp) <[email protected]> --- Created attachment 175413 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=175413&action=edit Bug 37392: [24.05.x] Edit item permission by library group is broken Signed-off-by: Michaela Sieber <[email protected]> Signed-off-by: Brendan Lawlor <[email protected]> Signed-off-by: Martin Renvoize <[email protected]> Bug 37392: can_see_things_from is always checking patron visibility When trying to edit items, we are seeing the button visibility affected by a patron's permission to view patrons form any library. This is because can_edit_items_from is calling can_see_things_from - which is ultimately calling libraries_where_can_see_patrons That last call should be to libraries_where_can_see_things. This patch corrects that, and passes forward the group feature to check against To test: Set up library group: * Create a library group for library A + B * Action: Limit item editing by group Set up test user: * Create a staff patron with these permissions: * catalogue * fast_cataloguing * edit_items * view_borrower_infos_from_any_libraries * edit borrowers * Home library: library A Set up test items: * Create a record with 3 items with different home libraries: * A * B * C We expect the user will be allowed to edit A and B, but not C. Test: * Test editing the items with the test user, only A is allowed to be edited. * Remove the view_borrower_infos_from_any_libraries permission from test user. * Test editing items now behaves as expected: A + B are allowed, C is not. Signed-off-by: Michaela Sieber <[email protected]> Signed-off-by: Brendan Lawlor <[email protected]> Signed-off-by: Martin Renvoize <[email protected]> Bug 37392: Adjust routines The current code only handled a single layer of groups - top level setting the features, and libraries directly underneath. The code, however, was not correctly checking the features, and was limiting to single like when no restrictions found. This patch gets the root ancestor for a group, checks the desired feature against than group, then fetches all children of the current group and makes them allowed - i.e. when a library is in a group, all siblings and descendants in that group or subgroups can be accessed I adjust some typos in the tests too, this needs more cleanup in the future, but am submitting for any discussion Signed-off-by: Michaela Sieber <[email protected]> Signed-off-by: Brendan Lawlor <[email protected]> Signed-off-by: Martin Renvoize <[email protected]> Bug 37392: (follow-up) Tidy and improve descriptions Tidy and improve the description of patron limits in staff interface Signed-off-by: Martin Renvoize <[email protected]> Bug 37392: (QA follow-up) Attempt to clarify POD This aptch attemptes to tidy up and clarify the POD for various 'things' methods in the Koha::Patron class. Signed-off-by: Martin Renvoize <[email protected]> Bug 37392: (follow-up) Limit a borrower not in a group and fix tests The previous patches took into account all the groups for a patron, but missed the case where a patron didn't have permission to see outside their library, and their library is not in a group. Code updated and a test added. Other tests adjusted to ensure the feature to limit patrons was set in those groups. Bug 37392: Fix API helpers testsa This patch acknowledges the fact this patchset changed the called method `libraries_where_can_see_patrons` for `libraries_where_can_see_things`. And as such the mock was not working. Signed-off-by: Tomas Cohen Arazi <[email protected]> Bug 37392: (QA tool fixes) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
