From 7f8d2a1d4ca8c3baf157e03613cb0e57bf795de7 Mon Sep 17 00:00:00 2001 From: Cesar Velez Date: Thu, 13 Dec 2018 18:13:39 -0500 Subject: [PATCH] LP#1068287 - Add CREATE_PRECAT permission Add this permission to prevent untrained/un-authorized circ staff from creating pre-cat items due to mis-scanned barcodes. Added to all profiles by default, so that staff admins can pinpoint users who may not have it, i.e Volunteers, etc. Signed-off by: Cesar Velez Signed-off-by: Jason Etheridge Signed-off-by: Galen Charlton --- .../perlmods/lib/OpenILS/Application/Circ/Circulate.pm | 4 +++- Open-ILS/src/sql/Pg/950.data.seed-values.sql | 10 +++++++++- ...XXX.data.lp1068287_add_create_precat_permission.sql | 18 ++++++++++++++++++ .../src/templates/staff/circ/share/t_precat_dialog.tt2 | 3 +++ Open-ILS/web/js/ui/default/staff/circ/services/circ.js | 11 ++++++----- 5 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 Open-ILS/src/sql/Pg/upgrade/XXXX.data.lp1068287_add_create_precat_permission.sql diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Circulate.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Circulate.pm index 7a2958a3ad..edf05860d1 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Circulate.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Circ/Circulate.pm @@ -262,7 +262,7 @@ sub run_method { # requesting a precat checkout implies that any required # overrides have been performed. Go ahead and re-override. $circulator->skip_permit_key(1); - $circulator->override(1) if $circulator->request_precat; + $circulator->override(1) if ( $circulator->request_precat && $circulator->editor->allowed('CREATE_PRECAT') ); $circulator->do_permit(); $circulator->is_checkout(1); unless( $circulator->bail_out ) { @@ -2426,6 +2426,8 @@ sub create_due_date { sub make_precat_copy { my $self = shift; my $copy = $self->copy; + return $self->bail_on_events(OpenILS::Event->new('PERM_FAILURE')) + unless $self->editor->allowed('CREATE_PRECAT'); if($copy) { $logger->debug("circulator: Pre-cat copy already exists in checkout: ID=" . $copy->id); diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql index 364942aa74..ae42bdf0dc 100644 --- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql +++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql @@ -1929,7 +1929,9 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES ( 616, 'IMPORT_USE_ORG_UNIT_COPIES', oils_i18n_gettext( 616, 'Allows users to import records based on the number of org unit copies attached to a record', 'ppl', 'description' )), ( 617, 'IMPORT_ON_ORDER_CAT_COPY', oils_i18n_gettext( 617, - 'Allows users to import copies based on the on-order items attached to a record', 'ppl', 'description' )) + 'Allows users to import copies based on the on-order items attached to a record', 'ppl', 'description' )), + ( 618, 'CREATE_PRECAT', oils_i18n_gettext(618, + 'Allows a user to create a pre-catalogued copy', 'ppl', 'description')) ; @@ -2023,6 +2025,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) aout.name = 'Consortium' AND perm.code IN ( 'CREATE_COPY_TRANSIT', + 'CREATE_PRECAT', 'VIEW_BILLING_TYPE', 'VIEW_CIRCULATIONS', 'VIEW_COPY_NOTES', @@ -2165,6 +2168,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'CREATE_BIB_IMPORT_QUEUE', 'CREATE_IMPORT_ITEM', 'CREATE_MARC', + 'CREATE_PRECAT', 'CREATE_TITLE_NOTE', 'DELETE_BIB_IMPORT_QUEUE', 'DELETE_IMPORT_ITEM', @@ -2258,6 +2262,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'CREATE_IMPORT_TRASH_FIELD', 'CREATE_MERGE_PROFILE', 'CREATE_MONOGRAPH_PART', + 'CREATE_PRECAT', 'CREATE_VOLUME_PREFIX', 'CREATE_VOLUME_SUFFIX', 'DELETE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF', @@ -2333,6 +2338,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'ADMIN_BOOKING_RESOURCE_ATTR_VALUE', 'ADMIN_BOOKING_RESOURCE_TYPE', 'ASSIGN_GROUP_PERM', + 'CREATE_PRECAT', 'MARK_ITEM_AVAILABLE', 'MARK_ITEM_BINDERY', 'MARK_ITEM_CHECKED_OUT', @@ -2433,6 +2439,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) perm.code IN ( 'ADMIN_MAX_FINE_RULE', 'CREATE_CIRC_DURATION', + 'CREATE_PRECAT', 'DELETE_CIRC_DURATION', 'MARK_ITEM_MISSING_PIECES', 'UPDATE_CIRC_DURATION', @@ -2614,6 +2621,7 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) 'CREATE_INVOICE', 'CREATE_MARC', 'CREATE_PICKLIST', + 'CREATE_PRECAT', 'CREATE_PURCHASE_ORDER', 'DELETE_BIB_IMPORT_QUEUE', 'DELETE_IMPORT_ITEM', diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.lp1068287_add_create_precat_permission.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.lp1068287_add_create_precat_permission.sql new file mode 100644 index 0000000000..e960c5d785 --- /dev/null +++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.lp1068287_add_create_precat_permission.sql @@ -0,0 +1,18 @@ +-- Evergreen DB patch XXXX.data.lp1068287_add_create_precat_perm.sql +-- +-- Add a permission to prevent untrained/non-authorized staff from +-- adding pre-cat copies/items due to barcode misscans. +-- +--BEGIN; + +-- check whether patch can be applied +--SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version); + +INSERT INTO permission.perm_list(id, code, description) + VALUES (618, 'CREATE_PRECAT', 'Allows user to create a pre-catalogued copy'); + +-- Add this new permission to any group with Staff login perm. +-- Manually remove if needed +insert into permission.grp_perm_map(perm, grp, depth) select 618, map.grp, 0 from permission.grp_perm_map as map where map.perm = 2; + +-- COMMIT; diff --git a/Open-ILS/src/templates/staff/circ/share/t_precat_dialog.tt2 b/Open-ILS/src/templates/staff/circ/share/t_precat_dialog.tt2 index f9944b9d39..d28023a60d 100644 --- a/Open-ILS/src/templates/staff/circ/share/t_precat_dialog.tt2 +++ b/Open-ILS/src/templates/staff/circ/share/t_precat_dialog.tt2 @@ -37,6 +37,9 @@