[Koha-bugs] [Bug 20100] Should a non-superlibrarian be able to add superlibrarian privileges?
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 20 13:54:43 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20100
--- Comment #22 from Nick Clemens <nick at bywatersolutions.com> ---
Created attachment 74619
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74619&action=edit
Bug 20100: Disallow access to superlib privileges at server side
Depends on pref ProtectSuperlibPrivs.
If enabled, script member-flags.pl will not allow you to add or remove
superlib privs when you are no superlibrarian.
The follow-up patch will enable the check at client side.
Test plan:
[1] Enable the pref. Do not apply the third patch (client side).
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
and staff_access). Verify that you have an internal server error when
you add or remove superlib privs. The log contains a warning.
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust at univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list