[Koha-bugs] [Bug 643] Allow override of 'debarred' status
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sun Oct 5 03:47:31 CEST 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=643
Nick Clemens <nick at quecheelibrary.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #31837|0 |1
is obsolete| |
--- Comment #19 from Nick Clemens <nick at quecheelibrary.org> ---
Created attachment 31999
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=31999&action=edit
[SIGNED OFF] Bug 643: QA Followup - server-side verification of permissions
Only allow $force_allow=1 if the logged in user has permissions.
TEST PLAN
---------
Attempt to intentionally override the checkout by passing an
appropriately handcrafted URL.
-- Regardless of the force_allow value, it should be not allowed
for those lacking the force_checkout permission.
NOTE: I didn't test this. I figured Marc Veron could do that. :)
(Sorry, couldn't easily get git bz to work with the accent)
Signed-off-by: Nick Clemens <nick at quecheelibrary.org>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list