[Koha-bugs] [Bug 26023] Incorrect permissions handling for cashup actions on the library level registers summary page
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Aug 20 18:10:12 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26023
--- Comment #9 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
(In reply to Katrin Fischer from comment #8)
> (In reply to Martin Renvoize from comment #2)
> > Test Plan
> > 1/ Setup some cash registers
> > 2/ Login as a user with just the 'refund' permission
Oops.. this should have been 'anonymous_refund'.. i.e. the subpermission in
cash_management rather than the subpermission of accounts.. my apologies.
>
> I have a bit of trouble following the test plan here:
>
> 1-4)
> My user has catalog and refund permissions.
> With the patch applied, this prevents me from accessing:
> http://localhost:8081/cgi-bin/koha/pos/registers.pl
See above: However I do wonder if at some point the availability of this page
may need/want to fall outside of the cash_management permissions or have it's
own permission associated with it (one for another bug however, once I
understand the possible use case)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list