https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30623 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #12 from David Cook <dcook@prosentient.com.au> --- I'm not sure I'm a fan in terms of the UX but I don't see an issue from the security side. At a glance, it seems to only be copying the permission flags, so there is no data tying the permission flags to a particular user. The actual update is done server-side anyway, so it wouldn't be bypassing any authorization/validation steps. -- You are receiving this mail because: You are watching all bug changes.