Bug 18898 - Some permissions for Reports can be bypassed
author David Cook <dcook@prosentient.com.au>
Thu, 27 Jul 2017 01:58:28 +0000 (11:58 +1000)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 9 Aug 2017 19:51:41 +0000 (16:51 -0300)
commit 2fdfbaf0ddbf214c0efb9a3a3c2595a54517f795
tree f3b92755e4dc97676e0a83ecea61fd6731ae322d
parent 19a7b498e1f4355ab1e4ee0adb5db299613f3f5c
Bug 18898 - Some permissions for Reports can be bypassed

If you manually visit the following links when you only have
permission to run reports, you'll still be able to access the ability
to create and edit reports:

/cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL
/cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL

This patch ties these 2 unaccounted for phases to the create_reports
permission.

With patch, issue no longer can be reproduced.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
reports/guided_reports.pl
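
The class of bug the commit message describes, as an added example (not code from Koha or from this commit): a phase-to-permission table where an unlisted phase falls back to "any reports permission". The fallback behaviour, the names 'New report', 'Run saved report' and 'execute_reports', and the helper allowed() are assumptions; the last column goes beyond the patch and shows a default-deny fallback.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed phase table, standing in for the state before the patch.
# 'New report', 'Run saved report' and 'execute_reports' are assumed names.
my %before = (
    'New report'       => 'create_reports',
    'Run saved report' => 'execute_reports',
);

# After the patch: the two phases from the commit message need create_reports.
my %after = (
    %before,
    'Create report from SQL' => 'create_reports',
    'Edit SQL'               => 'create_reports',
);

# Decide access for one phase. $fallback is the permission demanded for a
# phase missing from the table: '*' means "any reports permission will do"
# (fail-open, an assumption about the old behaviour); undef means deny.
sub allowed {
    my ($map, $fallback, $phase, $granted) = @_;
    my $need = $map->{$phase} // $fallback;
    return 0 unless defined $need;
    return scalar( keys %$granted ) ? 1 : 0 if $need eq '*';
    return $granted->{$need} ? 1 : 0;
}

# Constructed user: may run reports, may not create or edit them.
my %run_only = ( execute_reports => 1 );

# 'Some future phase' stands for any phase added later without a table entry.
my @phases = ( 'Run saved report', 'Create report from SQL', 'Edit SQL',
               'Some future phase' );

printf "%-24s %-10s %-10s %-10s\n", 'phase', 'before', 'patched', 'fail-closed';
for my $phase (@phases) {
    printf "%-24s %-10s %-10s %-10s\n", $phase,
        map { $_ ? 'allow' : 'deny' } (
            allowed( \%before, '*',   $phase, \%run_only ),
            allowed( \%after,  '*',   $phase, \%run_only ),
            allowed( \%after,  undef, $phase, \%run_only ),
        );
}
```

With a wildcard fallback, every newly added phase has to be remembered in the table; with an undef fallback, a forgotten phase is denied instead of exposed.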