[koha-commits] main Koha release repository branch 20.05.x updated. v20.05.03-36-gafd9828ba3
Git repo owner
gitmaster at git.koha-community.org
Fri Sep 4 20:15:29 CEST 2020
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 20.05.x has been updated
via afd9828ba357fcbd16973c8e84a8a170eaf053ba (commit)
via e9591ae761c569b12c7641d9cc1733c4879108fe (commit)
from a5d4e0cd66dcd9ccfaad7f8c6a4033483ead4769 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit afd9828ba357fcbd16973c8e84a8a170eaf053ba
Author: Martin Renvoize <martin.renvoize at ptfs-europe.com>
Date: Tue Aug 4 15:02:03 2020 +0100
Bug 26023: Properly secure the cashup and refund actions
The cash register summary page for cash management is available for users
with the 'anonymous_refund' or 'cashup' permission and the actions available
are appropriately displayed.
However, the actions are not yet correctly tested for at the server and
so a user may force submit to accomplish the action.
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
(cherry picked from commit e0420165694c790f2346fb598862e4aacfdf0fcc)
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
commit e9591ae761c569b12c7641d9cc1733c4879108fe
Author: Martin Renvoize <martin.renvoize at ptfs-europe.com>
Date: Mon Jul 20 09:44:05 2020 +0100
Bug 26023: Properly secure the cashup action for libraries
The libraries summary page for cash management is available for users
wit the 'anonymous_refund' permission to allow them to navigate to
alternate cash registers and search for the prior transaction to refund.
However, currently the cashup option appears, and is not blocked at the
server, for all user who may access the page. It should be blocked for
those users without the 'cashup' permission.
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de>
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
(cherry picked from commit 4356e678f2254707c48a6f89658ed089a6b9e662)
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
.../intranet-tmpl/prog/en/modules/pos/register.tt | 12 ++++
.../intranet-tmpl/prog/en/modules/pos/registers.tt | 20 +++++-
pos/register.pl | 82 ++++++++++++----------
pos/registers.pl | 29 ++++----
4 files changed, 94 insertions(+), 49 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list