From 05dcc80a8a66ada38cba56704c6bca6f34708914 Mon Sep 17 00:00:00 2001 From: Jason Etheridge Date: Fri, 2 Jun 2017 12:59:24 -0400 Subject: [PATCH] LP#1616980 webstaff: protect "magic statuses" when editing copies This patch fixes a bug where the web staff volume/copy editor could be used to put items in or out of the following status: 1 - Checked out 3 - Lost 6 - In transit 8 - On holds shelf 16 - Long Overdue 18 - Canceled Transit To test ------- 1. Choose to "Edit Items" on an Available copy. 2. Status field is fully editable. Click to open the dropdown 3. Click "Checked out" 4. Click "Save & Exit" 5. Result is that the item status changes to 'checked out', which should not happen. 6. Choose to "Edit Items" on an Checked out copy. 7. Status field is fully editable. Click to open the dropdown 8. Click "Available" 9. Click "Save & Exit" 10. Result is that the item status changes to 'available'. 11. Apply the patch and repeat steps 1-10. This time, the magic status are marked as disabled in the copy status selector. If the item is already in one of the magic statuses, if the user attempts to change the status, the interface will appear to allow it, but the change will be silently ignored. Signed-off-by: Jason Etheridge Signed-off-by: Andrea Neiman Signed-off-by: Galen Charlton --- .../staff/cat/volcopy/t_attr_edit.tt2 | 2 +- .../js/ui/default/staff/cat/volcopy/app.js | 26 +++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/Open-ILS/src/templates/staff/cat/volcopy/t_attr_edit.tt2 b/Open-ILS/src/templates/staff/cat/volcopy/t_attr_edit.tt2 index e96d543b94..0d61a68aa9 100644 --- a/Open-ILS/src/templates/staff/cat/volcopy/t_attr_edit.tt2 +++ b/Open-ILS/src/templates/staff/cat/volcopy/t_attr_edit.tt2 @@ -116,7 +116,7 @@
diff --git a/Open-ILS/web/js/ui/default/staff/cat/volcopy/app.js b/Open-ILS/web/js/ui/default/staff/cat/volcopy/app.js index 23bd2e82f2..def7cdcb2a 100644 --- a/Open-ILS/web/js/ui/default/staff/cat/volcopy/app.js +++ b/Open-ILS/web/js/ui/default/staff/cat/volcopy/app.js @@ -151,6 +151,18 @@ function(egCore , $q) { }; + service.get_magic_statuses = function() { + /* TODO: make these more configurable per lp1616170 */ + return $q.when([ + 1 /* Checked out */ + ,3 /* Lost */ + ,6 /* In transit */ + ,8 /* On holds shelf */ + ,16 /* Long overdue */ + ,18 /* Canceled Transit */ + ]); + } + service.get_statuses = function() { if (egCore.env.ccs) return $q.when(egCore.env.ccs.list); @@ -925,7 +937,7 @@ function($scope , $q , $window , $routeParams , $location , $timeout , egCore , return true; } - createSimpleUpdateWatcher = function (field) { + createSimpleUpdateWatcher = function (field,exclude_copies_with_one_of_these_values) { return $scope.$watch('working.' + field, function () { var newval = $scope.working[field]; @@ -944,6 +956,10 @@ function($scope , $q , $window , $routeParams , $location , $timeout , egCore , angular.forEach( $scope.workingGridControls.selectedItems(), function (cp) { + if (exclude_copies_with_one_of_these_values + && exclude_copies_with_one_of_these_values.indexOf(cp[field](),0) > -1) { + return; + } if (cp[field]() !== newval) { cp[field](newval); cp.ischanged(1); @@ -1478,10 +1494,13 @@ function($scope , $q , $window , $routeParams , $location , $timeout , egCore , createSimpleUpdateWatcher('location'); $scope.status_list = []; + itemSvc.get_magic_statuses().then(function(list){ + $scope.magic_status_list = list; + createSimpleUpdateWatcher('status',$scope.magic_status_list); + }); itemSvc.get_statuses().then(function(list){ $scope.status_list = list; }); - createSimpleUpdateWatcher('status'); $scope.circ_modifier_list = []; itemSvc.get_circ_mods().then(function(list){ @@ -1909,6 +1928,9 @@ function($scope , $q , $window , $routeParams , $location , $timeout , egCore , }); $scope.status_list = []; + itemSvc.get_magic_statuses().then(function(list){ + $scope.magic_status_list = list; + }); itemSvc.get_statuses().then(function(list){ $scope.status_list = list; }); -- 2.43.2