[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue May 14 21:28:45 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724
Nick Clemens <nick at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |nick at bywatersolutions.com
QA Contact|testopia at bugs.koha-communit |katrin.fischer at bsz-bw.de
|y.org |
Status|Passed QA |Failed QA
--- Comment #11 from Nick Clemens <nick at bywatersolutions.com> ---
Hi Hayley,
We need a server side check here for the permissions. With these patches I can
inspect the element, add the write-off button to submit, and write off the
charge
This is probably true for payments as well. This will prevent 90% of the cases,
but we should probably strictly enforce.
You can git grep for haspermission to see some examples
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list