[Koha-bugs] [Bug 12528] Enable staff to deny message setting access to patrons on the OPAC

[bugzilla-daemon at bugs.koha-community.org]

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12528

--- Comment #52 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
(In reply to Eric Bégin from comment #51)
> Howdy !
> 
> > There is no need to ask for a signoff, it will fail QA.
> The latest commit by Bouzid fixed the problem from accessing the page when
> disabled (BTW, I asked him to change the code to have a single IF / ELSE
> statement in the .tt and change the pref name for
> EnhancedMessagingPreferencesOPAC which he will commit soon).

No, it's not. Please see, read and follow link on comment 46:
"Another issue is that there is no check in the opac/opac-messaging.pl script
to forbid the user to modify the messaging changes, see my quick patch on bug
9254 comment 16."
It's not because a page is not accessible that a user cannot call it and pass
parameters via POST or GET.

> Concerning bug 9254, it basically add another option to the
> EnhancedMessagingPreferencesOPAC, so, from my understanding it's not quite a
> duplicate, but an enhancement of this one, as Francois pointed out.

We already discussed about that here, and we all on that.
The discussions are exactly the same on both bug report, that's why I said it's
a duplicate.

> @Jonathan : Just want to check with you that this bug will move forward if
> we fix the behaviour when accessing the URL and changing the pref name.

Yes.

-- 
You are receiving this mail because:
You are watching all bug changes.