koha: auth template params

fb22a457 · Benjamin Rokseth · 8bc73d5d · fb22a457
Commit fb22a457 authored Dec 20, 2018 by Benjamin Rokseth
--- a/koha/Deichman/Auth.pm
+++ b/koha/Deichman/Auth.pm
@@ -176,13 +176,7 @@ sub templateAndPermissions {
        return $template;
    }

-    my $template = C4::Templates::gettemplate(
-        $name,
-        $in->{type}, $self,
-        $in->{is_plugin},
-    );
-
-    $template->param( LoginBranchname => $branch );
+    my $template = C4::Templates::gettemplate( $name, $in->{type}, $self, $in->{is_plugin} ); # this is weird...

    #if ( $in->{'template_name'} !~ m/maintenance/ ) {
    #    ( $user, $cookie, $sessionID, $flags ) = checkauth(
@@ -193,38 +187,27 @@ sub templateAndPermissions {
    #    );
    #}

-    # TODO permissions, SHOULD BE HANDLED BY various AUTH MODULES
-    # E.g: without staffaccess logout?
-    #my $capabilities = {};
-    # HERE
-    # my $capabilities = $self->getPermissions();
-    try {
-        my $id = $self->{session}->param("id");
-        if ($self->{session}->param("admin")) {
-            # Admin user login should be removed!
-            warn "TEMPLATE CALLED WITH ADMINUSER - BETTER REMOVE THIS";
-            $auth->{permissions} = { superlibrarian => 1 };
-            #$capabilities = { superlibrarian => 1 };
-            $template->param(loggedinusername => $id);
-        } else {
-            #my $p = Deichman::Patron->new()->GetByUserId($userid);
-            #$template->param( "USER_INFO" => $p->{patron} );
-            #$capabilities = $self->getUserFlags($p->{patron}->{flags}, $userid);
-            # my $borrowernumber = C4::Auth::getborrowernumber($userid); #???
-            #$template->param(loggedinusername   => $id);
-            #$template->param(loggedinusernumber => $p->{patron}->{borrowernumber});
-            $template->param("USER_INFO" => $auth->{user});
-            $template->param(loggedinusername => $auth->{user}->{userid});
-            $template->param(loggedinusernumber => $auth->{user}->{borrowernumber}); # for legacy?
-        }
-    } catch {
-        # patron not found
-        warn $_->description;
-    };
-    #warn Dumper($capabilities)." FLAGS";
+    $self->setTemplatePermissions( $template, $auth, $branch );
+    return $template;
+}
+
+# set template permissions from auth object
+sub setTemplatePermissions {
+    my ($self, $template, $auth, $branch) = @_;
+
+    $template->param( LoginBranchname => $branch );
+    my $id = $self->{session}->param("id");
+    if ($self->{session}->param("admin")) {
+        # Admin user login should be removed!
+        warn "TEMPLATE CALLED WITH ADMINUSER - BETTER REMOVE THIS";
+        $auth->{permissions} = { superlibrarian => 1 };
+        $template->param(loggedinusername => $id);
+    } else {
+        $template->param("USER_INFO" => $auth->{user});
+        $template->param(loggedinusername => $auth->{user}->{userid});
+        $template->param(loggedinusernumber => $auth->{user}->{borrowernumber}); # for legacy?
+    }

-    # iterates permissions for any template
-    # TODO: rewrite this?
    my $all_perms = $self->getAllPermissions();
    for my $name (keys %$all_perms ) {
        my $value = $auth->{permissions}->{superlibrarian} ? 1 : $auth->{permissions}->{$name};
@@ -236,12 +219,14 @@ sub templateAndPermissions {
        $value = $all_perms->{$name} unless ref $value;

        $template->param( "CAN_user_${name}" => 1 );
-        $template->param( "CAN_user_management" => 1 ) if $name eq "parameters";
+        # subpermissions
        for my $subname ( keys %$value ) {
            $template->param( "CAN_user_${name}_${subname}" => 1 );
        }
+        # deviations
+        $template->param( "CAN_user_management" => 1 ) if $name eq "parameters";
+        $template->param( "CAN_user_catalogue" => 1 ) if $name eq "editcatalogue";
    }
    return $template;
 }
-
 1;