[Koha-bugs] [Bug 643] Allow override of 'debarred' status
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Sep 23 16:18:48 CEST 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=643
M. Tompsett <mtompset at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #31564|0 |1
is obsolete| |
--- Comment #16 from M. Tompsett <mtompset at hotmail.com> ---
Created attachment 31837
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=31837&action=edit
Bug 643: QA Followup - server-side verification of permissions
Only allow $force_allow=1 if the logged in user has permissions.
TEST PLAN
---------
Attempt to intentionally override the checkout by passing an
appropriately handcrafted URL.
-- Regardless of the force_allow value, it should be not allowed
for those lacking the force_checkout permission.
NOTE: I didn't test this. I figured Marc Veron could do that. :)
(Sorry, couldn't easily get git bz to work with the accent)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list