[Koha-bugs] [Bug 18756] Users can view aq.baskets even if they are not allowed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sun Jun 11 10:03:29 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18756
Josef Moravec <josef.moravec at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #64103|0 |1
is obsolete| |
--- Comment #2 from Josef Moravec <josef.moravec at gmail.com> ---
Created attachment 64179
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64179&action=edit
[SIGNED-OFF] Bug 18756: Users can view aq.baskets even if they are not allowed
Due to bad use of grep syntax if there is one or more Basket Users the result
of grep is not equal to 0 and the borrower is allowed.
Test plan :
1- select system preference 'AcqViewBaskets' on 'user'
2- create 2 borrowers (A, B) with only permissions on acquisition :
group_manage
order_manage
order_receive
staff
3- login with A and create a basket
4- add a basquet manager other than B
5- relog with account B
6- you can see the basket
Apply the patch.
The basket is no longer visible.
1- relog with A
2- add basquet manager B
3- relog with B
5- you must see the basket
Signed-off-by: Josef Moravec <josef.moravec at gmail.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list