[Koha-bugs] [Bug 33440] New: A public list can be transferred to a staff member without list permissions
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Apr 6 21:17:47 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33440
Bug ID: 33440
Summary: A public list can be transferred to a staff member
without list permissions
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Lists
Assignee: koha-bugs at lists.koha-community.org
Reporter: kelly at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
CC: m.de.rooy at rijksmuseum.nl
With the introduction of this bug,
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25498, public lists
can now be transferred to other staff. When testing this new feature, I was
able to transfer a list a staff member without any list permissions. Once this
transfer was successful, this staff member could edit the list, add and remove
titles from this public list. The one thing this staff member (who had no
permissions for lists) could not do was transfer the list to another person. I
believe that this transfer option should only be allowed to staff with list
permissions.
Test Plan
1. Staff member A creates a public list.
2. Staff member A transfers this public list to another staff member (staff
member b) without list permissions.
3. Staff Member B now has the ability to edit this public list and add/remove
items from this list.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list