[Koha-bugs] [Bug 28882] Incorrect permissions check client-side
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Sep 3 03:28:50 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28882
Hayley Pelham <hayleypelham at catalyst.net.nz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #123972|0 |1
is obsolete| |
--- Comment #5 from Hayley Pelham <hayleypelham at catalyst.net.nz> ---
Created attachment 124443
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124443&action=edit
Bug 28882: permission UI allows selection of superlibrarian permission
With bug 20100 and 22150 we allow to select all the permissions but the
superlibrarian permission, to ease the selection. And we also forbid a
non-superlibrarian user to add superlibrarian permission.
However there is something wrong in the JS code and it's possible to add
the superlibrarian permission. The user is getting an ugly 500 and so
the permission change is not done, but the UI checks must be fixed.
To recreate:
Login with a non-superlibrarian user
Edit permission
Clear all
=> You can select the "superlibrarian" permission
Test plan:
Login with a non-superlibrarian user
Try to set the superlibrarian permissions to a user
=> not possible
Try the select all/clear all
=> still cannot set the superlibrarian permission
Work to be done:
Login with a non-superlibrarian user
Edit permissions for a superlibrarian user
=> You can remove it, then cannot add it back
Should we allow removal of superlibrarian permission by
non-superlibrarian user?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list