Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 28882: permission UI allows selection of superlibrarian permission

Browse source 
With bug 20100 and 22150 we allow to select all the permissions but the
superlibrarian permission, to ease the selection. And we also forbid a
non-superlibrarian user to add superlibrarian permission.

However there is something wrong in the JS code and it's possible to add
the superlibrarian permission. The user is getting an ugly 500 and so
the permission change is not done, but the UI checks must be fixed.

To recreate:
Login with a non-superlibrarian user
Edit permission
Clear all
=> You can select the "superlibrarian" permission

Test plan:
Login with a non-superlibrarian user
Try to set the superlibrarian permissions to a user
=> not possible
Try the select all/clear all
=> still cannot set the superlibrarian permission

Work to be done:
Login with a non-superlibrarian user
Edit permissions for a superlibrarian user
=> You can remove it, then cannot add it back
Should we allow removal of superlibrarian permission by
non-superlibrarian user?

Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
Jonathan Druart 2021-08-19 15:07:50 +02:00
parent 53b435ff03
commit 3f58ecb609
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt
View file

@ -69,14 +69,14 @@
[% END %]
[% IF ( loo.checked ) %]
[% IF disable_superlibrarian_privs && loo.bit == 0 %]
<input type="checkbox" disabled="disabled" data-bit="[% loo.bit | html %]" id="flag-[% loo.bit | html %]_disabled" class="parent flag superlib" name="flag" value="[% loo.flag | html %]" checked="checked" title="The system preference ProtectSuperlibrarianPrivileges is enabled" />
<input type="hidden" id="flag-[% loo.bit | html %]" name="flag" value="[% loo.flag | html %]" >
<input type="checkbox" disabled="disabled" data-bit="0" id="flag-0" class="parent flag superlib" name="flag" value="[% loo.flag | html %]" checked="checked" title="The system preference ProtectSuperlibrarianPrivileges is enabled" />
<input type="hidden" id="flag-0" name="flag" value="[% loo.flag | html %]" >
[% ELSE %]
<input type="checkbox" data-bit="[% loo.bit | html %]" id="flag-[% loo.bit | html %]" class="parent flag" name="flag" value="[% loo.flag | html %]" checked="checked" />
[% END %]
[% ELSE %]
[% IF disable_superlibrarian_privs && loo.bit == 0 %]
<input type="checkbox" disabled="disabled" class="flag parent" data-bit="[% loo.bit | html %]" id="flag-[% loo.bit | html %]_disabled" name="flag" value="[% loo.flag | html %]" title="The system preference ProtectSuperlibrarianPrivileges is enabled" />
<input type="checkbox" disabled="disabled" class="flag parent" data-bit="0" id="flag-0" name="flag" value="[% loo.flag | html %]" title="The system preference ProtectSuperlibrarianPrivileges is enabled" />
[% ELSE %]
<input type="checkbox" class="flag parent" data-bit="[% loo.bit | html %]" id="flag-[% loo.bit | html %]" name="flag" value="[% loo.flag | html %]" />
[% END %]
@ -131,10 +131,16 @@
$(".flag").attr("disabled", false);
$(".flag").prop("checked", true);
$("#flag-0").prop("checked", false);
[% IF disable_superlibrarian_privs %]
$("#flag-0").prop("disabled", true);
[% END %]
return false;
});
$("#UncheckAllFlags").on("click",function(){
$(".flag").attr("disabled", false);
[% IF disable_superlibrarian_privs %]
$("#flag-0").prop("disabled", true);
[% END %]
$(".flag").prop("checked", false);
return false;
});