Bug 14354: Prevent edition of items from other branches if Independen…

…tBranches is on If IdependentBranches is ON, to edit/delete items from other branches you need to be superlibrarian. Currently a "simple" staff user cannot edit them from the edit item page but from the catalogue detail page. The edit links should not be displayed on this table. Test plan: O/ Set IndependentBranches to "Prevent". Create a record and add 2 items: Set homebranch to L1 for item I1. Set homebranch to L2 for item I2. 1/ With a superlibrarian user, you should be able to edit both items. 2/ With a "simple" user attached to L1, you should only be able to edit I1. The edit links should not be displayed for I2. Note that the checkbox is displayed on the catalogue detail page (item list), but on the batch tools, it won't be possible to select non-modifiable items. TODO: Add a server-side check. Indeed it is still possible to edit an item if the user know the url. Followed test plan. Works as expected. Signed-off-by: Marc Véron <[email protected]> Signed-off-by: Katrin Fischer <[email protected]> Signed-off-by: Tomas Cohen Arazi <[email protected]>
minusdavid · Sep 7, 2015 · bcab241 · bcab241
1 parent 198e273
commit bcab241
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/catalogue/detail.pl b/catalogue/detail.pl
@@ -199,7 +199,6 @@
 my $separatebranch = C4::Context->preference('SeparateHoldingsBranch') || 'homebranch';
 foreach my $item (@items) {
     my $itembranchcode = $item->{$separatebranch};
-    $item->{homebranch}        = GetBranchName($item->{homebranch});
 
     # can place holds defaults to yes
     $norequests = 0 unless ( ( $item->{'notforloan'} > 0 ) || ( $item->{'itemnotforloan'} > 0 ) );
@@ -279,6 +278,14 @@
         $item->{'course_reserves'} = GetItemCourseReservesInfo( itemnumber => $item->{'itemnumber'} );
     }
 
+    if ( C4::Context->preference('IndependentBranches') ) {
+        my $userenv = C4::Context->userenv();
+        if ( not C4::Context->IsSuperLibrarian()
+            and $userenv->{branch} ne $item->{homebranch} ) {
+            $item->{cannot_be_edited} = 1;
+        }
+    }
+
     if ($currentbranch and $currentbranch ne "NO_LIBRARY_SET"
     and C4::Context->preference('SeparateHoldings')) {
         if ($itembranchcode and $itembranchcode eq $currentbranch) {

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt
@@ -1,6 +1,7 @@
 [% USE Koha %]
 [% USE KohaDates %]
 [% USE AuthorisedValues %]
+[% USE Branches %]
 
 [% ShowCourseReserves = 0 %]
 [% IF UseCourseReserves %]
@@ -624,7 +625,7 @@ function verify_images() {
                         </td>
                     [% END %]
                     <td class="location">[% UNLESS ( singlebranchmode ) %][% item.branchname %] [% END %]</td>
-                    <td class="homebranch">[% item.homebranch %]<span class="shelvingloc">[% item.location %]</span> </td>
+                    <td class="homebranch">[% Branches.GetName(item.homebranch) %]<span class="shelvingloc">[% item.location %]</span> </td>
                     [% IF ( itemdata_ccode ) %]<td>[% item.ccode %]</td>[% END %]
                     <td class="itemcallnumber">[% IF ( item.itemcallnumber ) %] [% item.itemcallnumber %][% END %]</td>
                     <td class="status">
@@ -806,8 +807,10 @@ function verify_images() {
                        [% END %]
                     </td>
                 [% END %]
-                [% IF ( CAN_user_editcatalogue_edit_items ) %]
+                [% IF CAN_user_editcatalogue_edit_items and not item.cannot_be_edited %]
                     <td><a href="/cgi-bin/koha/cataloguing/additem.pl?op=edititem&biblionumber=[% item.biblionumber %]&itemnumber=[% item.itemnumber %]#edititem">Edit</a></td>
+                [% ELSE %]
+                    <td></td>
                 [% END %]
                 </tr>
             [% END %]