[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu May 9 00:34:25 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724
Liz Rea <wizzyrea at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #89482|0 |1
is obsolete| |
--- Comment #5 from Liz Rea <wizzyrea at gmail.com> ---
Created attachment 89485
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89485&action=edit
Bug 22724: (follow-up) Block writeoffs when user has wrong permissions
This patch is a followup which displays an alert and removes the submit
button when a user who does not have writeoff permissions manages to
make it to the 'Make a payment' tab with a writeoff URL.
Test plan:
1) Login as a staff user with writeoff permissions disabled, ensure you
have sample users, then click
the URL:
http://localhost:8081/cgi-bin/koha/members/paycollect.pl?borrowernumber=21&type=writeoff&amt=4&selected=1¬es=
=> Note that you are able to write off the charge with no warning
2) Apply the patch
3) Repeat step 1
=> Note that an alert displays and the button to confirm the writeoff
has been removed
4) Repeat step 1, this time logging in as a staff user with writeoff
permissions enabled
=> Note that the button displays and you can perform the writeoff
Sponsored-by: Catalyst IT
Signed-off-by: Liz Rea <wizzyrea at gmail.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list