[Koha-bugs] [Bug 32971] New: Access to ERM module requires 'erm' permission and 'vendors_manage' acquisition sub-permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Feb 15 17:42:16 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32971
Bug ID: 32971
Summary: Access to ERM module requires 'erm' permission and
'vendors_manage' acquisition sub-permission
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: In Discussion
Severity: enhancement
Priority: P5 - low
Component: ERM
Assignee: jonathan.druart+koha at gmail.com
Reporter: pedro.amorim at ptfs-europe.com
CC: jonathan.druart+koha at gmail.com,
jonathan.field at ptfs-europe.com,
martin.renvoize at ptfs-europe.com,
pedro.amorim at ptfs-europe.com, tomascohen at gmail.com
Depends on: 32968
To reproduce:
- Enable ERMModule
- Login as a staff member that only has 2 permissions:
-- catalogue (required for staff login)
-- erm
- Access erm page, check the 403 forbidden error
This happens because ERM module is requesting the /api/v1/acquisitions/vendors
api endpoint which in turn requires the vendors_manage sub-permission (see
acquisitions_vendors.yaml).
If you enable the acquisition vendors_manage sub-permission for that user,
you're able to confirm that you can now access the ERM module as expected.
Ideally, having just the 'erm' permission should be enough to be granted access
to ERM.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32968
[Bug 32968] Create granular permissions for ERM
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list