[koha-commits] main Koha release repository branch 20.05.x updated. v20.05.03-36-gafd9828ba3

Git repo owner gitmaster at git.koha-community.org
Fri Sep 4 20:15:29 CEST 2020 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 20.05.x has been updated
       via  afd9828ba357fcbd16973c8e84a8a170eaf053ba (commit)
       via  e9591ae761c569b12c7641d9cc1733c4879108fe (commit)
      from  a5d4e0cd66dcd9ccfaad7f8c6a4033483ead4769 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit afd9828ba357fcbd16973c8e84a8a170eaf053ba
Author: Martin Renvoize <martin.renvoize at ptfs-europe.com>
Date:   Tue Aug 4 15:02:03 2020 +0100

    Bug 26023: Properly secure the cashup and refund actions
    
    The cash register summary page for cash management is available for users
    with the 'anonymous_refund' or 'cashup' permission and the actions available
    are appropriately displayed.
    
    However, the actions are not yet correctly tested for at the server and
    so a user may force submit to accomplish the action.
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    (cherry picked from commit e0420165694c790f2346fb598862e4aacfdf0fcc)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

commit e9591ae761c569b12c7641d9cc1733c4879108fe
Author: Martin Renvoize <martin.renvoize at ptfs-europe.com>
Date:   Mon Jul 20 09:44:05 2020 +0100

    Bug 26023: Properly secure the cashup action for libraries
    
    The libraries summary page for cash management is available for users
    wit the 'anonymous_refund' permission to allow them to navigate to
    alternate cash registers and search for the prior transaction to refund.
    
    However, currently the cashup option appears, and is not blocked at the
    server, for all user who may access the page. It should be blocked for
    those users without the 'cashup' permission.
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    (cherry picked from commit 4356e678f2254707c48a6f89658ed089a6b9e662)
    
    Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 .../intranet-tmpl/prog/en/modules/pos/register.tt  | 12 ++++
 .../intranet-tmpl/prog/en/modules/pos/registers.tt | 20 +++++-
 pos/register.pl                                    | 82 ++++++++++++----------
 pos/registers.pl                                   | 29 ++++----
 4 files changed, 94 insertions(+), 49 deletions(-)


hooks/post-receive
-- 
main Koha release repository

More information about the koha-commits mailing list