[Bug 26721] New: Debit and credit type pages should check for the specific permission
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Bug ID: 26721 Summary: Debit and credit type pages should check for the specific permission Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: katrin.fischer@bsz-bw.de QA Contact: testopia@bugs.koha-community.org At the moment, the pages check for: admin/credit_types.pl: flagsrequired => { parameters => 'parameters_remaining_permissions' }, admin/debit_types.pl: flagsrequired => { parameters => 'parameters_remaining_permissions' }, But the templates like admin home page check for the correct specific permission: [% IF ( CAN_user_parameters_manage_accounts ) %] -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 --- Comment #1 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 111947 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=111947&action=edit Bug 26721: Fix permission check on debit and credit type admin pages At the moment the pages falsely check for parameters_remaining_permissions, but they should check the specific manage_accounts permission. To test: - Create a new staff user with only catalog and manage_acccounts permissions - Log in with this staff user and go to the admin page - You will see the debit and credit type sections, but won't be able to access them - Apply the patch - Veriy the links still show, but pages are now accessible -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |normal Keywords| |Academy Assignee|koha-bugs@lists.koha-commun |katrin.fischer@bsz-bw.de |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #111947|0 |1 is obsolete| | --- Comment #2 from Chris Cormack <chris@bigballofwax.co.nz> --- Created attachment 112481 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=112481&action=edit Bug 26721: Fix permission check on debit and credit type admin pages At the moment the pages falsely check for parameters_remaining_permissions, but they should check the specific manage_accounts permission. To test: - Create a new staff user with only catalog and manage_acccounts permissions - Log in with this staff user and go to the admin page - You will see the debit and credit type sections, but won't be able to access them - Apply the patch - Veriy the links still show, but pages are now accessible Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #112481|0 |1 is obsolete| | --- Comment #3 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 112825 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=112825&action=edit Bug 26721: Fix permission check on debit and credit type admin pages At the moment the pages falsely check for parameters_remaining_permissions, but they should check the specific manage_accounts permission. To test: - Create a new staff user with only catalog and manage_acccounts permissions - Log in with this staff user and go to the admin page - You will see the debit and credit type sections, but won't be able to access them - Apply the patch - Veriy the links still show, but pages are now accessible Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA CC| |martin.renvoize@ptfs-europe | |.com --- Comment #4 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Dang.. how did I get these mismatched! Works as expected, thanks for the fix Katrin. Passing QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |martin.renvoize@ptfs-europe |y.org |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |20.11.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 --- Comment #5 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 20.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26721 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com --- Comment #6 from Lucas Gass <lucas@bywatersolutions.com> --- does not apply cleanly to 20.05.x, no backport -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org