[Koha-bugs] [Bug 34306] Able to access tools without permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jul 19 07:08:05 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34306
David Cook <dcook at prosentient.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dcook at prosentient.com.au
--- Comment #3 from David Cook <dcook at prosentient.com.au> ---
The title for this bug is misleading.
There isn't anonymous access to /cgi-bin/koha/labels/spinelabel-home.pl. That
page does require permission to access it.
It looks like a case where it uses the "catalogue" permission when perhaps it
could use the "tools > label_creator" subpermission instead.
That said, changing the permission now could cause many staff to no longer be
able to create spine labels after upgrading to a patched version.
Since they're spine labels and not borrower information, I don't think it's too
concerning.
Perhaps a case could be made for requiring either "editcatalogue" or "tools >
label_creator". Since spinelabel-home.pl is now accessible via Cataloguing
rather than Tools, it might make sense to put it under the cataloguing
permission.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list