[Koha-bugs] [Bug 32968] Create granular permissions for ERM
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 21 19:04:14 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32968
--- Comment #58 from Pedro Amorim <pedro.amorim at ptfs-europe.com> ---
(In reply to Jonathan Druart from comment #46)
> 1. Should we restrict access to the whole ERM module is vendor_manage is not
> set?
I don't know :) Also, see comment #49
> 2. I can list agreements even if I have only erm_eholdings. It's confusing
> as we don't have access to "Licenses".
It's working as intented. I followed your suggestion on comment #3, to me it
makes sense because eHoldings may be related to agreements, but not licenses.
Either way, I'm open to suggestions about this, should eHoldings write
permission give read-only permission to both agreements+licenses?
> 3. EBSCO Add to/Remove from holdings buttons should be removed with only
> erm_show
> 4. Same for "Add new agreement" on EBSCO pkg show view
Yes, thanks! I missed EBSCO permissions in these patches. Will provide patches
for this when I find the time.
> 5. I don't get an error when I access /cgi-bin/koha/erm/licenses/edit/1 with
> only erm_show (same for agreement)
You don't get an error, you are redirected to /cgi-bin/koha/erm/erm.pl. If this
is what you are experiencing, do you think it would be preferable to show an
error page instead? (I don't think this is important, this is just a permission
double-check in case the user attempts to access content that he doesn't have
permission to, directly through the URL). Error or not, user doesn't have
access to the content he's not permitted to.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list