[Koha-bugs] [Bug 643] Allow override of 'debarred' status
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 10 00:52:27 CEST 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=643
--- Comment #22 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 32122
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=32122&action=edit
[PASSED QA] Bug 643: QA Followup - server-side verification of permissions
Only allow $force_allow=1 if the logged in user has permissions.
TEST PLAN
---------
Attempt to intentionally override the checkout by passing an
appropriately handcrafted URL.
-- Regardless of the force_allow value, it should be not allowed
for those lacking the force_checkout permission.
NOTE: I didn't test this. I figured Marc Veron could do that. :)
(Sorry, couldn't easily get git bz to work with the accent)
Signed-off-by: Nick Clemens <nick at quecheelibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list