[Koha-bugs] [Bug 6846] Dont allow staff to change own permissions

Wed Jan 6 10:05:24 CET 2016

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6846

Marc Véron <veron at veron.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |veron at veron.ch
           See Also|                            |http://bugs.koha-community.
                   |                            |org/bugzilla3/show_bug.cgi?
                   |                            |id=10573

--- Comment #4 from Marc Véron <veron at veron.ch> ---
This seems to work on current master. 

To verify:

- Give a test user following permisson
    - borrowers Add, modify and view patron information
    - permissions Set user permissions 
- Log in as test user
- Search a user, change the permission -> possible
- Search test user, try to change the permission -> error page not allowed

Though, because the borrowers permission is needed, somebody could create a new
patron and set there a higher level of permissions.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.