[Koha-bugs] [Bug 6390] Basket only visible for librarian who created it

bugzilla-daemon at bugs.koha-community.org
Sun Jul 31 15:47:03 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390

Edgar Fuß <ef at math.uni-bonn.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ef at math.uni-bonn.de

--- Comment #1 from Edgar Fuß <ef at math.uni-bonn.de> 2011-07-31 13:47:03 UTC ---
As I need this functionality too, I just implemented the ``see mine/my
branch/all'' suggestion.

I added a new syspref, AcqViewBaskets, taking the values user/branch/all.
The required MySQL statement to add this to the database is:

INSERT INTO `systempreferences` (variable,value,options,explanation,type)
VALUES ('AcqViewBaskets','user','user|branch|all',
'Define which baskets a user is allowed to view: his own only, any within his branch or all',
'Choice');

I don't feel comfortable enough with the automatic version tracking/database
updating machinery to implement the changes needed for that.

For the change proper, see attached patch.

However, that's all no real security as long as you can just pass ?basketno=nnn
to all of the scripts handling baskets. You either have to change these or to
randomise basket numbers.

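The closing point of the comment above, that filtering the basket list gives no protection while scripts still accept any ?basketno=nnn, shown as an added example (not part of the original message or the attached patch): a single authorization gate called wherever a basket number arrives from the request. Only the AcqViewBaskets values user/branch/all come from the message; the function names, field names and sample data are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data. The field names (creator_id, creator_branch)
# are hypothetical and are not taken from Koha's schema or the patch.
my %baskets = (
    101 => { creator_id => 7, creator_branch => 'MATH' },
    102 => { creator_id => 9, creator_branch => 'MATH' },
    103 => { creator_id => 4, creator_branch => 'PHYS' },
);

# Decide whether $user may see $basket under the AcqViewBaskets value $mode.
# A missing or unknown mode falls back to the strictest rule ('user').
sub can_view_basket {
    my ($mode, $user, $basket) = @_;
    return 0 unless $user && $basket;
    $mode //= 'user';
    return 1 if $mode eq 'all';
    return 1 if $mode eq 'branch'
        && $basket->{creator_branch} eq $user->{branch};
    return $basket->{creator_id} == $user->{id} ? 1 : 0;
}

# Gate for every script that accepts ?basketno=nnn: call it before any
# basket data is read or changed. A malformed number, a missing basket and
# a forbidden basket all yield undef, so the caller answers identically
# and the response does not reveal which basket numbers exist.
sub fetch_basket_for {
    my ($mode, $user, $basketno) = @_;
    return unless defined $basketno && $basketno =~ /\A[0-9]+\z/;
    my $basket = $baskets{$basketno};
    return can_view_basket($mode, $user, $basket) ? $basket : undef;
}

# Walk the three syspref values for one constructed user.
my $user = { id => 7, branch => 'MATH' };
for my $mode (qw(user branch all)) {
    for my $no (101, 102, 103, 999, '103 OR 1=1') {
        my $verdict = fetch_basket_for($mode, $user, $no) ? 'allow' : 'deny';
        printf "%-6s basketno=%-12s %s\n", $mode, $no, $verdict;
    }
}
```

With the check done per request on the server, basket numbers can stay sequential; randomising them only makes guessing harder and does not replace the check.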