[Koha-bugs] [Bug 26023] Incorrect permissions handling for cashup actions on the library level registers summary page
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Aug 21 01:10:12 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26023
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #108171|0 |1
is obsolete| |
--- Comment #11 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 108772
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108772&action=edit
Bug 26023: Properly secure the cashup action for libraries
The libraries summary page for cash management is available for users
wit the 'anonymous_refund' permission to allow them to navigate to
alternate cash registers and search for the prior transaction to refund.
However, currently the cashup option appears, and is not blocked at the
server, for all user who may access the page. It should be blocked for
those users without the 'cashup' permission.
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list