DIS-13 - Local Administrators

- Don't show Contact Information or Linked Accounts for Local Admins - Hide Show Checkouts and Holds in Results preference for Local Admins - Do not allow aspen_admin user to be deleted. - Do not allow aspen_admin user to be edited by anyone other than the aspen_admin user.
Aspen-Discovery · Jan 13, 2025 · eec5e17 · eec5e17
1 parent a3afa61
commit eec5e17
Show file tree

Hide file tree

Showing 12 changed files with 195 additions and 136 deletions.
diff --git a/code/web/interface/themes/responsive/MyAccount/account-sidebar.tpl b/code/web/interface/themes/responsive/MyAccount/account-sidebar.tpl
@@ -250,14 +250,14 @@
 							{if empty($offline)}
 								{if !empty($showUserPreferences)}<div class="myAccountLink"><a href="/MyAccount/MyPreferences">{translate text='Your Preferences' isPublicFacing=true}</a></div>{/if}
 								{if $cookieConsentEnabled} <div class="header-menu-option"><a href="/MyAccount/MyCookiePreferences">{translate text="Your Privacy Settings" isPublicFacing=true}</a></div>{/if}
-								{if !empty($showUserContactInformation)}<div class="myAccountLink"><a href="/MyAccount/ContactInformation">{translate text='Contact Information' isPublicFacing=true}</a></div>{/if}
+								{if !empty($showUserContactInformation) && $userHasCatalogConnection}<div class="myAccountLink"><a href="/MyAccount/ContactInformation">{translate text='Contact Information' isPublicFacing=true}</a></div>{/if}
 								{if $user->showHoldNotificationPreferences()}
 									<div class="myAccountLink"><a href="/MyAccount/HoldNotificationPreferences">{translate text='Hold Notification Preferences' isPublicFacing=true}</a></div>
 								{/if}
 								{if $user->showMessagingSettings()}
 									<div class="myAccountLink"><a href="/MyAccount/MessagingSettings">{translate text='Messaging Settings' isPublicFacing=true}</a></div>
 								{/if}
-								{if !empty($allowAccountLinking)}
+								{if !empty($allowAccountLinking) && $userHasCatalogConnection}
 									<div class="myAccountLink"><a href="/MyAccount/LinkedAccounts">{translate text='Linked Accounts' isPublicFacing=true}</a></div>
 								{/if}
 								{if !empty($twoFactorEnabled)}
@@ -312,4 +312,4 @@
 		});
 		{/literal}
 	</script>
-{/strip}
+{/strip}
diff --git a/code/web/interface/themes/responsive/MyAccount/linkedAccounts.tpl b/code/web/interface/themes/responsive/MyAccount/linkedAccounts.tpl
@@ -16,6 +16,8 @@
 			<h1>{translate text='Linked Accounts' isPublicFacing=true}</h1>
 			{if !empty($offline)}
 				<div class="alert alert-warning"><strong>{translate text=$offlineMessage isPublicFacing=true}</strong></div>
+			{elseif !empty($invalidSource)}
+				<div class="alert alert-danger"><strong>{translate text="Sorry, this functionality is only available to ILS users." isPublicFacing=true}</strong></div>
 			{else}
 				{if $profile->disableAccountLinking==0 && $linkSetting != 3}
 					<p class="alert alert-info">
@@ -64,4 +66,4 @@
 			</div>
 		{/if}
 	</div>
-{/strip}
+{/strip}
diff --git a/code/web/interface/themes/responsive/MyAccount/myPreferences.tpl b/code/web/interface/themes/responsive/MyAccount/myPreferences.tpl
@@ -221,14 +221,17 @@
 						</div>
 					{/if}
 
-					<div class="form-group propertyRow">
-						<label for="disableCirculationActions" class="control-label">{translate text='Show Checkouts and Holds in Results' isPublicFacing=true}</label>&nbsp;
-						{if $edit == true}
-							<input type="checkbox" class="form-control" name="disableCirculationActions" id="disableCirculationActions" {if $profile->disableCirculationActions==0}checked='checked'{/if} data-switch="">
-						{else}
-							&nbsp;{if $profile->disableCirculationActions==1} {translate text='No' isPublicFacing=true}{else} {translate text='Yes' isPublicFacing=true}{/if}
-						{/if}
-					</div>
+					{if !empty($isAssociatedWithILS)}
+						<div class="form-group propertyRow">
+							<label for="disableCirculationActions" class="control-label">{translate text='Show Checkouts and Holds in Results' isPublicFacing=true}</label>&nbsp;
+							{if $edit == true}
+								<input type="checkbox" class="form-control" name="disableCirculationActions" id="disableCirculationActions" {if $profile->disableCirculationActions==0}checked='checked'{/if} data-switch="">
+							{else}
+								&nbsp;{if $profile->disableCirculationActions==1} {translate text='No' isPublicFacing=true}{else} {translate text='Yes' isPublicFacing=true}{/if}
+							{/if}
+						</div>
+					{/if}
+
 					{if $enableCostSavingsForLibrary}
 						<div class="form-group propertyRow">
 							<label for="enableCostSavings" class="control-label">{translate text='Display Library Savings' isPublicFacing=true}</label>&nbsp;
@@ -272,4 +275,4 @@
 			</div>
 		{/if}
 	</div>
-{/strip}
+{/strip}
diff --git a/code/web/release_notes/25.02.00.MD b/code/web/release_notes/25.02.00.MD
@@ -11,6 +11,8 @@
 ### Administration Updates
 - Allow patron types to be associated with account profiles and make uniqueness the combination of the patron type and account profile. (DIS-214) (*MDN*)
 - Properly show and hide fields within account profiles based on the selected ILS. (DIS-220) (*MDN*)
+- Do not allow aspen_admin user to be deleted. (DIS-13) (*MDN*)
+- Do not allow aspen_admin user to be edited by anyone other than the aspen_admin user. (DIS-13) (*MDN*)
 
 <div markdown="1" class="settings">
 
@@ -30,6 +32,9 @@
 
 ### Local Administrators
 - Allow local administrators to be defined within Aspen. (DIS-13) (*MDN*)
+- Local administrators are not allowed to link to other accounts and cannot be linked to from other accounts. (DIS-13) (*MDN*)
+- Hide preference for *Show Checkouts and Holds in Results* for local administrators within My Preferences. (DIS-13) (*MDN*)
+- Hide Contact Information for local administrators. (DIS-13) (*MDN*)
 
 <div markdown="1" class="settings">
 

diff --git a/code/web/services/Admin/Administrators.php b/code/web/services/Admin/Administrators.php
@@ -56,19 +56,19 @@ function getIdKeyColumn(): string {
 		return 'id';
 	}
 
-	function canAddNew() {
+	function canAddNew() : bool {
 		return false;
 	}
 
-	function canCompare() {
+	function canCompare() : bool {
 		return false;
 	}
 
-	function canCopy() {
+	function canCopy() : bool {
 		return false;
 	}
 
-	function customListActions() {
+	function customListActions() : array {
 		return [
 			[
 				'label' => 'Add Administrator',
@@ -78,16 +78,15 @@ function customListActions() {
 	}
 
 	/** @noinspection PhpUnused */
-	function addAdministrator() {
+	function addAdministrator() : void {
 		global $interface;
 		//Basic List
 		$interface->setTemplate('addAdministrator.tpl');
 	}
 
 	/** @noinspection PhpUnused */
-	function processNewAdministrator() {
+	function processNewAdministrator() : void {
 		global $interface;
-		global $configArray;
 		$loginRaw = trim($_REQUEST['login']);
 		$logins = preg_split("/\\r\\n|\\r|\\n/", $loginRaw);
 		$errors = [];
@@ -100,7 +99,7 @@ function processNewAdministrator() {
 			if ($numResults == 0) {
 				//See if we can fetch the user from the ils
 				$newAdmin = UserAccount::findNewUser($login, '');
-				if ($newAdmin == false) {
+				if ($newAdmin === false) {
 					$newAdmin = new User();
 					$newAdmin->username = $login;
 					$newAdmin->find();
@@ -131,7 +130,7 @@ function processNewAdministrator() {
 				]);
 			}
 
-			if ($newAdmin != false) {
+			if ($newAdmin !== false) {
 				if (isset($_REQUEST['roles'])) {
 					//Convert from a list of ids to the actual roles to be saved
 					$roleIds = $_REQUEST['roles'];
@@ -187,23 +186,23 @@ function canView(): bool {
 		return UserAccount::userHasPermission('Administer Users');
 	}
 
-	function canDelete() {
+	function canDelete() : bool {
 		return false;
 	}
 
-	function canBatchEdit() {
+	function canBatchEdit() : bool {
 		return false;
 	}
 
-	function canFilter($objectStructure) {
+	function canFilter($objectStructure) : bool {
 		return false;
 	}
 
-	protected function showQuickFilterOnPropertiesList() {
+	protected function showQuickFilterOnPropertiesList() : bool {
 		return true;
 	}
 
-	protected function supportsPagination() {
+	protected function supportsPagination() : bool {
 		return false;
 	}
 }
diff --git a/code/web/services/Admin/LocalAdministrators.php b/code/web/services/Admin/LocalAdministrators.php
@@ -70,8 +70,9 @@ function getInstructions(): string {
 
 	function getBreadcrumbs(): array {
 		$breadcrumbs = [];
-		$breadcrumbs[] = new Breadcrumb('/Greenhouse/Home', 'Greenhouse Home');
-		$breadcrumbs[] = new Breadcrumb('/Development/Users', 'Users');
+		$breadcrumbs[] = new Breadcrumb('/Admin/Home', 'Administration Home');
+		$breadcrumbs[] = new Breadcrumb('/Admin/Home#system_admin', 'System Administration');
+		$breadcrumbs[] = new Breadcrumb('/Admin/LocalAdministrators', 'Local Administrators');
 		return $breadcrumbs;
 	}
 

diff --git a/code/web/services/MyAccount/AJAX.php b/code/web/services/MyAccount/AJAX.php
@@ -85,76 +85,89 @@ function addAccountLink(): array {
 
 				if ($accountToLink->id != $user->id) {
 					$linkeePtype = $accountToLink->getPType();
-
-					require_once ROOT_DIR . '/sys/Account/PType.php';
-					$linkingSettingUser = PType::getAccountLinkingSetting($userPtype);
-					$linkingSettingLinkee = PType::getAccountLinkingSetting($linkeePtype);
-
-					if (($accountToLink->disableAccountLinking == 0) && ($linkingSettingUser != '1' && $linkingSettingUser != '3') && ($linkingSettingLinkee != '2' && $linkingSettingLinkee != '3')) {
-						$addResult = $user->addLinkedUser($accountToLink);
-						if ($addResult === true) {
-							$result = [
-								'success' => true,
-								'title' => translate([
-									'text' => 'Success',
-									'isPublicFacing' => true,
-								]),
-								'message' => translate([
-									'text' => 'Successfully linked accounts.',
-									'isPublicFacing' => true,
-								]),
-							];
-						} else { // insert failure or user is blocked from linking account or account & account to link are the same account
-							$result = [
-								'success' => false,
-								'title' => translate([
-									'text' => 'Unable to link accounts',
-									'isPublicFacing' => true,
-								]),
-								'message' => translate([
-									'text' => 'Sorry, we could not link to that account.  Accounts cannot be linked if all libraries do not allow account linking.  Please contact your local library if you have questions.',
-									'isPublicFacing' => true,
-								]),
-							];
-						}
-					} else {
-						if ($linkingSettingUser == '1' || $linkingSettingUser == '3') {
-							$result = [
-								'success' => false,
-								'title' => translate([
-									'text' => 'Unable to link accounts',
-									'isPublicFacing' => true,
-								]),
-								'message' => translate([
-									'text' => 'Sorry, you are not permitted to link to others.',
-									'isPublicFacing' => true,
-								]),
-							];
-						} else if ($linkingSettingLinkee == '2' || $linkingSettingLinkee == '3') {
-							$result = [
-								'success' => false,
-								'title' => translate([
-									'text' => 'Unable to link accounts',
-									'isPublicFacing' => true,
-								]),
-								'message' => translate([
-									'text' => 'Sorry, that account cannot be linked to.',
-									'isPublicFacing' => true,
-								]),
-							];
+					if ($linkeePtype != null) {
+						require_once ROOT_DIR . '/sys/Account/PType.php';
+						$linkingSettingUser = PType::getAccountLinkingSetting($userPtype);
+						$linkingSettingLinkee = PType::getAccountLinkingSetting($linkeePtype);
+
+						if (($accountToLink->disableAccountLinking == 0) && ($linkingSettingUser != '1' && $linkingSettingUser != '3') && ($linkingSettingLinkee != '2' && $linkingSettingLinkee != '3')) {
+							$addResult = $user->addLinkedUser($accountToLink);
+							if ($addResult === true) {
+								$result = [
+									'success' => true,
+									'title' => translate([
+										'text' => 'Success',
+										'isPublicFacing' => true,
+									]),
+									'message' => translate([
+										'text' => 'Successfully linked accounts.',
+										'isPublicFacing' => true,
+									]),
+								];
+							} else { // insert failure or user is blocked from linking account or account & account to link are the same account
+								$result = [
+									'success' => false,
+									'title' => translate([
+										'text' => 'Unable to link accounts',
+										'isPublicFacing' => true,
+									]),
+									'message' => translate([
+										'text' => 'Sorry, we could not link to that account.  Accounts cannot be linked if all libraries do not allow account linking.  Please contact your local library if you have questions.',
+										'isPublicFacing' => true,
+									]),
+								];
+							}
 						} else {
-							$result = [
-								'success' => false,
-								'title' => translate([
-									'text' => 'Unable to link accounts',
-									'isPublicFacing' => true,
-								]),
-								'message' => translate([
-									'text' => 'Sorry, this user does not allow account linking.',
-									'isPublicFacing' => true,
-								]),
-							];
+							if ($linkingSettingUser == '1' || $linkingSettingUser == '3') {
+								$result = [
+									'success' => false,
+									'title' => translate([
+										'text' => 'Unable to link accounts',
+										'isPublicFacing' => true,
+									]),
+									'message' => translate([
+										'text' => 'Sorry, you are not permitted to link to others.',
+										'isPublicFacing' => true,
+									]),
+								];
+							} else if ($linkingSettingLinkee == '2' || $linkingSettingLinkee == '3') {
+								$result = [
+									'success' => false,
+									'title' => translate([
+										'text' => 'Unable to link accounts',
+										'isPublicFacing' => true,
+									]),
+									'message' => translate([
+										'text' => 'Sorry, that account cannot be linked to.',
+										'isPublicFacing' => true,
+									]),
+								];
+							} else {
+								$result = [
+									'success' => false,
+									'title' => translate([
+										'text' => 'Unable to link accounts',
+										'isPublicFacing' => true,
+									]),
+									'message' => translate([
+										'text' => 'Sorry, this user does not allow account linking.',
+										'isPublicFacing' => true,
+									]),
+								];
+							}
 						}
+					}else{
+						$result = [
+							'success' => false,
+							'title' => translate([
+								'text' => 'Unable to link accounts',
+								'isPublicFacing' => true,
+							]),
+							'message' => translate([
+								'text' => 'Sorry, this user type cannot be linked to.',
+								'isPublicFacing' => true,
+							]),
+						];
 					}
 				} else {
 					$result = [

diff --git a/code/web/services/MyAccount/ContactInformation.php b/code/web/services/MyAccount/ContactInformation.php
@@ -32,6 +32,7 @@ function launch() {
 				$showAlternateLibraryOptionsInProfile = false;
 				$allowAccountLinking = true;
 				$passwordLabel = 'Library Card Number';
+				$symphonyDefaultPhoneField = null;
 			} else {
 				$canUpdateContactInfo = ($patronHomeLibrary->allowProfileUpdates == 1);
 				$canUpdateAddress = ($patronHomeLibrary->allowPatronAddressUpdates == 1);

diff --git a/code/web/services/MyAccount/EmailResetPin.php b/code/web/services/MyAccount/EmailResetPin.php
@@ -4,7 +4,7 @@
 require_once ROOT_DIR . '/CatalogConnection.php';
 
 class MyAccount_EmailResetPin extends Action {
-	function launch($msg = null) {
+	function launch($msg = null) : void {
 		global $interface;
 		global $library;