# requesting a precat checkout implies that any required
# overrides have been performed. Go ahead and re-override.
$circulator->skip_permit_key(1);
- $circulator->override(1) if $circulator->request_precat;
+ $circulator->override(1) if ( $circulator->request_precat && $circulator->editor->allowed('CREATE_PRECAT') );
$circulator->do_permit();
$circulator->is_checkout(1);
unless( $circulator->bail_out ) {
sub make_precat_copy {
my $self = shift;
my $copy = $self->copy;
+ return $self->bail_on_events(OpenILS::Event->new('PERM_FAILURE'))
+ unless $self->editor->allowed('CREATE_PRECAT');
if($copy) {
$logger->debug("circulator: Pre-cat copy already exists in checkout: ID=" . $copy->id);
( 616, 'IMPORT_USE_ORG_UNIT_COPIES', oils_i18n_gettext( 616,
'Allows users to import records based on the number of org unit copies attached to a record', 'ppl', 'description' )),
( 617, 'IMPORT_ON_ORDER_CAT_COPY', oils_i18n_gettext( 617,
- 'Allows users to import copies based on the on-order items attached to a record', 'ppl', 'description' ))
+ 'Allows users to import copies based on the on-order items attached to a record', 'ppl', 'description' )),
+ ( 618, 'CREATE_PRECAT', oils_i18n_gettext(618,
+ 'Allows a user to create a pre-catalogued copy', 'ppl', 'description'))
;
aout.name = 'Consortium' AND
perm.code IN (
'CREATE_COPY_TRANSIT',
+ 'CREATE_PRECAT',
'VIEW_BILLING_TYPE',
'VIEW_CIRCULATIONS',
'VIEW_COPY_NOTES',
'CREATE_BIB_IMPORT_QUEUE',
'CREATE_IMPORT_ITEM',
'CREATE_MARC',
+ 'CREATE_PRECAT',
'CREATE_TITLE_NOTE',
'DELETE_BIB_IMPORT_QUEUE',
'DELETE_IMPORT_ITEM',
'CREATE_IMPORT_TRASH_FIELD',
'CREATE_MERGE_PROFILE',
'CREATE_MONOGRAPH_PART',
+ 'CREATE_PRECAT',
'CREATE_VOLUME_PREFIX',
'CREATE_VOLUME_SUFFIX',
'DELETE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF',
'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
'ADMIN_BOOKING_RESOURCE_TYPE',
'ASSIGN_GROUP_PERM',
+ 'CREATE_PRECAT',
'MARK_ITEM_AVAILABLE',
'MARK_ITEM_BINDERY',
'MARK_ITEM_CHECKED_OUT',
perm.code IN (
'ADMIN_MAX_FINE_RULE',
'CREATE_CIRC_DURATION',
+ 'CREATE_PRECAT',
'DELETE_CIRC_DURATION',
'MARK_ITEM_MISSING_PIECES',
'UPDATE_CIRC_DURATION',
'CREATE_INVOICE',
'CREATE_MARC',
'CREATE_PICKLIST',
+ 'CREATE_PRECAT',
'CREATE_PURCHASE_ORDER',
'DELETE_BIB_IMPORT_QUEUE',
'DELETE_IMPORT_ITEM',
--- /dev/null
+-- Evergreen DB patch XXXX.data.lp1068287_add_create_precat_perm.sql
+--
+-- Add a permission to prevent untrained/non-authorized staff from
+-- adding pre-cat copies/items due to barcode misscans.
+--
+--BEGIN;
+
+-- check whether patch can be applied
+--SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+INSERT INTO permission.perm_list(id, code, description)
+ VALUES (618, 'CREATE_PRECAT', 'Allows user to create a pre-catalogued copy');
+
+-- Add this new permission to any group with Staff login perm.
+-- Manually remove if needed
+insert into permission.grp_perm_map(perm, grp, depth) select 618, map.grp, 0 from permission.grp_perm_map as map where map.perm = 2;
+
+-- COMMIT;
</div>
</div>
<div class="modal-footer">
+ <div ng-show="!can_create_precats" class="alert alert-warning">
+ [% l('You do not have permission to complete this action.') %]
+ </div>
<input type="submit" class="btn btn-primary" value="[% l('Precat Checkout') %]"/>
<button class="btn btn-warning" ng-click="cancel()"
ng-class="{disabled : actionPending}">[% l('Cancel') %]</button>
templateUrl: './circ/share/t_precat_dialog',
backdrop: 'static',
controller:
- ['$scope', '$uibModalInstance', 'circMods',
- function($scope, $uibModalInstance, circMods) {
+ ['$scope', '$uibModalInstance', 'circMods', 'has_precat_perm',
+ function($scope, $uibModalInstance, circMods, has_precat_perm) {
$scope.focusMe = true;
$scope.precatArgs = {
copy_barcode : params.copy_barcode
};
+
+ $scope.can_create_precats = has_precat_perm;
$scope.circModifiers = circMods;
$scope.ok = function(args) { $uibModalInstance.close(args) }
$scope.cancel = function () { $uibModalInstance.dismiss() }
}
}],
resolve : {
- circMods : function() {
- return service.get_circ_mods();
- }
+ circMods : function() { return service.get_circ_mods(); },
+ has_precat_perm : function(){ return egCore.perm.hasPermHere('CREATE_PRECAT'); }
}
}).result.then(
function(args) {
projects / Evergreen.git / commitdiff