https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20100 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #71092|0 |1 is obsolete| | --- Comment #14 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 72261 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=72261&action=edit Bug 20100: Disallow access to superlib privileges at server side Depends on pref ProtectSuperlibPrivs. If enabled, script member-flags.pl will not allow you to add or remove superlib privs when you are no superlibrarian. The follow-up patch will enable the check at client side. Test plan: [1] Enable the pref. Do not apply the third patch (client side). [2] Login as superlib and add/remove superlib privs to a staff user. [3] Login as another user (no superlib, but having borrowers, permissions and staff_access). Verify that you have an internal server error when you add or remove superlib privs. The log contains a warning. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.