[Koha-bugs] [Bug 15520] Add more granular permission for only editing own library's circ rules
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue May 22 15:21:20 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15520
Nick Clemens <nick at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nick at bywatersolutions.com
--- Comment #12 from Nick Clemens <nick at bywatersolutions.com> ---
(In reply to Josef Moravec from comment #10)
> This is not the logged in user's home library, it is the library where the
> user is logged in now - so when user change library, he/she could change
> another's library rules!
I (In reply to Katrin Fischer from comment #11)
> But couldn't they change the home library in their records too?
> I think in general we got a problem there, that you can get around the
> limits, maybe the logged-in library is more helpful?
I think this should be the user's logged in library - for extra protection I
think the library would implement AutoLocation and limit logged in site by ip
so this would require some extra steps but would also be a first level guard
against accidentally altering other rules
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list