[Koha-bugs] [Bug 18898] Some permissions for Reports can be bypassed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 27 04:00:47 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898
--- Comment #4 from David Cook <dcook at prosentient.com.au> ---
Created attachment 65292
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65292&action=edit
Bug 18898 - Some permissions for Reports can be bypassed
If you manually visit the following links when you only have
permission to run reports, you'll still be able to access the ability
to create and edit reports:
/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL
This patch ties these 2 unaccounted for phases to the create_reports
permission.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list