Bug 9780: restrict the ability to delete a bib record associated with an order

Currently, anyone can delete a record used in an order.

With this patch, only librarians with managing order permission
can delete it if it is used in an active or a deleted order.

This patch also add a specific warning informing that deleting a record
used in an active order is dangerous.

To test :
A. test what can do and see a librarian with order managing rights
0) Connect to Koha with a borrower with order managing rights
1) in a basket, create 2 orders A & B from new records
2) delete order B
3) in the catalogue, try to delete
- record used for order A : you should see a specific warning
   informing you the record is used in 1 order, and that deleting it
   is dangerous
- record used for order B : you should see a specific warning informing
  you the record is used in 1 deleted order
- a record not used in any order : you should see no specific warning

B. test what can do and see a librarian without order managing rights
4) Connect to Koha with a borrower without order managing rights
5) in a basket, create 2 orders A & B from new records
6) delete order B
7) in the catalogue, try to delete
- record used for order A : you should see a specific warning informing you that
   you need specific rights to delete the record
- record used for order B : idem
- a record not used in any order : you should see no specific warning

Signed-off-by: Pierre Angot <tredok.pierre@gmail.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/catalogue/detail.pl b/catalogue/detail.pl
index 60ac611..955dbf5 100755 (executable)
--- a/catalogue/detail.pl
+++ b/catalogue/detail.pl
@@ -42,6 +42,7 @@ use C4::Images;
 use Koha::DateUtils;
 use C4::HTML5Media;
 use C4::CourseReserves qw(GetItemCourseReservesInfo);
+use C4::Acquisition qw(GetOrdersByBiblionumber);
 
 # use Smart::Comments;
 
@@ -430,4 +431,35 @@ if ($StaffDetailItemSelection) {
     }
 }
 
+my @allorders_using_biblio = GetOrdersByBiblionumber ($biblionumber);
+my @deletedorders_using_biblio;
+my @orders_using_biblio;
+my @baskets_orders;
+my @baskets_deletedorders;
+
+foreach my $myorder (@allorders_using_biblio) {
+    my $basket = $myorder->{'basketno'};
+    if ((defined $myorder->{'datecancellationprinted'}) and  ($myorder->{'datecancellationprinted'} ne '0000-00-00') ){
+        push @deletedorders_using_biblio, $myorder;
+        unless (grep(/^$basket$/, @baskets_deletedorders)){
+            push @baskets_deletedorders,$myorder->{'basketno'};
+        }
+    }
+    else {
+        push @orders_using_biblio, $myorder;
+        unless (grep(/^$basket$/, @baskets_orders)){
+            push @baskets_orders,$myorder->{'basketno'};
+            }
+    }
+}
+
+my $count_orders_using_biblio = scalar @orders_using_biblio ;
+$template->param (countorders => $count_orders_using_biblio);
+
+my $count_deletedorders_using_biblio = scalar @deletedorders_using_biblio ;
+$template->param (countdeletedorders => $count_deletedorders_using_biblio);
+
+$template->param (basketsorders => \@baskets_orders);
+$template->param (basketsdeletedorders => \@baskets_deletedorders);
+
 output_html_with_http_headers $query, $cookie, $template->output;

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc
index 553d9ae..2c6f350 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/cat-toolbar.inc
@@ -31,16 +31,31 @@
     function confirm_deletion() {
         var count = [% count %];
         var holdcount = [% holdcount %];
-
+        var countorders = [% countorders %];
+        var countdeletedorders = [% countdeletedorders %];
         var is_confirmed;
        if (count > 0){
             is_confirmed = alert( count + " " +_("item(s) are attached to this record. You must delete all items before deleting this record.") );
-        } else if ( holdcount > 0 ) {
-            is_confirmed = confirm( holdcount + " " + _("hold(s) on this record. Are you sure you want to delete this record?."));
+         }
+        else if (countorders > 0){
+            [% IF ( CAN_user_acquisition_order_manage ) %]
+                is_confirmed = confirm( _("Warning: This record is used in")+" "+ countorders + " " +_("order(s). Deleting it could cause serious issues on acquisition module.\nAre you sure you want to delete this record?") );
+            [% ELSE %]
+                is_confirmed = alert( countorders + " " +_("order(s) are using this record.\nYou need order managing permissions to delete this record.") );
+            [% END %]
+        }
+        else if (countdeletedorders > 0){
+             [% IF ( CAN_user_acquisition_order_manage ) %]
+                 is_confirmed = confirm( countdeletedorders + " " +_("deleted order(s) are using this record.\nAre you sure you want to delete this record?") );
+             [% ELSE %]
+                 is_confirmed = alert( countdeletedorders + " " +_("deleted order(s) are using this record.\nYou need order managing permissions to delete this record.") );
+             [% END %]
+        }
+        else if ( holdcount > 0 ) {
+            is_confirmed = confirm( holdcount + " " + _("holds(s) for this record.\nAre you sure you want to delete this record?"));
         } else {
             is_confirmed = confirm(_("Are you sure you want to delete this record?"));
         }
-
         if (is_confirmed) {
             if ( count > 0 || holdcount > 0 ){
                 return false;