[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu May 10 21:02:21 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #75220|0 |1
is obsolete| |
--- Comment #6 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 75242
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75242&action=edit
Bug 20707: Replace circ/search.pl circulate permission requirement with
catalogue
To test:
1 - Setup a staff patron with permissions:
- catalogue
- reserveforothers
- course_reserves
2 - Log in to staff client as that patron
3 - Find a record and click to place a hold
4 - Type more than three letters into the search bar but don't submit
5 - Note that you will not receive autocomplete results
6 - Either submit, or try to visit any page in staff client
7 - Your session has been expired, you must log in again
8 - Log in, go to course reserves
9 - As before, trigger the autocomplete search in the instrcutor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out
Signed-off-by: Owen Leonard <oleonard at myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list