[Koha-bugs] [Bug 13910] Prevent delete of one's own patron account
bugzilla-daemon at bugs.koha-community.org
Wed Apr 29 11:31:13 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13910
Jonathan Druart <jonathan.druart at biblibre.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #38638|0                           |1
        is obsolete|                            |
  Attachment #38650|0                           |1
        is obsolete|                            |
--- Comment #8 from Jonathan Druart <jonathan.druart at biblibre.com> ---
Created attachment 38651
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=38651&action=edit
Bug 13910 - Prevent delete of one's own patron account
This patch adds a check to prevent deleting the user's own account.
Additionally, it fixes a "missing link" in moremember.pl and wrong comparisons
in moremember.tt regarding other forbidden deletions.
To test:
- Apply patch
- Create a user with sufficient privileges to delete users
- Log in as this new user
- Try to delete this user. Confirm message box "Are you sure..."
- Confirm that you get a message "Not allowed to delete own account" and that
the user still exists.
Bonus test:
Try to trigger other forbidden deletions (see members/deletemem.pl):
'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE'
(You can fake it by using a URL like:
/cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF
etc.)
Without patch, no message appears. With patch, messages appear as appropriate.
Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
NOTE: Attempted all CANT combinations. From reading the code,
this is kind of an important patch, because I'm not sure
deleting error messages work at all right now based on what
I read.
Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>