[Bug 20100] Should a non-superlibrarian be able to add superlibrarian privileges?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug 20100] Should a non-superlibrarian be able to add superlibrarian privileges?

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20100

--- Comment #19 from [hidden email] <[hidden email]> ---
Created attachment 72749
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=72749&action=edit
Bug 20100: Disallow access to superlib privileges at server side

Depends on pref ProtectSuperlibPrivs.
If enabled, script member-flags.pl will not allow you to add or remove
superlib privs when you are no superlibrarian.
The follow-up patch will enable the check at client side.

Test plan:
[1] Enable the pref. Do not apply the third patch (client side).
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you have an internal server error when
    you add or remove superlib privs. The log contains a warning.

Signed-off-by: Marcel de Rooy <[hidden email]>

Signed-off-by: JM Broust <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/