[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu May 16 12:56:55 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724
--- Comment #14 from Nick Clemens <nick at bywatersolutions.com> ---
(In reply to Hayley Mapley from comment #13)
> The second patch that I added enforced removal of the submit button if the
> staff user managed to find a way to get to paycollect.tt to confirm the
> payment/writeoff (either through constructing a url or adding the button
> somehow). If the user doesn't have the permissions, the button will not be
> there. Is this button you talked about adding manually to the page?
>
> If this isn't your concern, I will look into the server side check you
> mentioned
>
> Thanks for looking at it!
Yup, that was the button I edited back in. I looked again today, we don't need
haspermission, we just need to make sure the page requires the writeoff
permission whenever it is a write off. Attaching a patch for testing
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list