[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Apr 26 21:35:12 CEST 2022 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387

Andrew Fuerste-Henry <andrew at bywatersolutions.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #132352|0                           |1
        is obsolete|                            |

--- Comment #4 from Andrew Fuerste-Henry <andrew at bywatersolutions.com> ---
Created attachment 133990
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133990&action=edit
Bug 30387: Only allow superlibrarians to set library with IndependentBranches
enabled

To test:
1. Turn on IndependentBranches.
2. Give a staff member editcatalogue permissions but not superlibrarian
permissions.
3. Once logged in as that staff member click on the name in the top right
corner, notice that the 'Set library' button is there.
4. Turn on the CircSidebar system preference and go to any page that includes
the  CircSidebar. ( returns.tt, circulation,tt ). Notcie the Set library button
is visibile.
5. Go to '/cgi-bin/koha/circ/set-library.pl', notice you can set your library
to something else.
6. Apply patch
7. Again with the staff member who has editcatalogue permissions but not
superlibrarian permissions try steps 3-5. This time you should not see the 'Set
library' links. On '/cgi-bin/koha/circ/set-library.pl' you should not be able
to change your library.
8. With a superlibrarian try steps 3-5, you should see the 'Set library' links 
and on '/cgi-bin/koha/circ/set-library.pl' you should be able to set your
library
9. Turn on 'UseCirculationDesks'.
10. When repeating 3-5 make sure you can see only the 'Set desk' links while
logged in as the non-superlibrarian. On '/cgi-bin/koha/circ/set-library.pl' you
should only be able to 'Set desk'.
11. Now with a staff member who has neither superlibrarian permissions OR
editcatalogue permissions do steps 3-5. You should NOT see the 'Set library
links' but you should see the 'Set desk' links.

Signed-off-by: Andrew Fuerste-Henry <andrew at bywatersolutions.com>

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list