From 3f58ecb609107cead637734d43bff277f564ce12 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 19 Aug 2021 15:07:50 +0200 Subject: [PATCH] Bug 28882: permission UI allows selection of superlibrarian permission With bug 20100 and 22150 we allow to select all the permissions but the superlibrarian permission, to ease the selection. And we also forbid a non-superlibrarian user to add superlibrarian permission. However there is something wrong in the JS code and it's possible to add the superlibrarian permission. The user is getting an ugly 500 and so the permission change is not done, but the UI checks must be fixed. To recreate: Login with a non-superlibrarian user Edit permission Clear all => You can select the "superlibrarian" permission Test plan: Login with a non-superlibrarian user Try to set the superlibrarian permissions to a user => not possible Try the select all/clear all => still cannot set the superlibrarian permission Work to be done: Login with a non-superlibrarian user Edit permissions for a superlibrarian user => You can remove it, then cannot add it back Should we allow removal of superlibrarian permission by non-superlibrarian user? Signed-off-by: Hayley Pelham Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- .../prog/en/modules/members/member-flags.tt | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt index 1a87c6af3a..d2f4156f51 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt @@ -69,14 +69,14 @@ [% END %] [% IF ( loo.checked ) %] [% IF disable_superlibrarian_privs && loo.bit == 0 %] - - + + [% ELSE %] [% END %] [% ELSE %] [% IF disable_superlibrarian_privs && loo.bit == 0 %] - + [% ELSE %] [% END %] @@ -131,10 +131,16 @@ $(".flag").attr("disabled", false); $(".flag").prop("checked", true); $("#flag-0").prop("checked", false); + [% IF disable_superlibrarian_privs %] + $("#flag-0").prop("disabled", true); + [% END %] return false; }); $("#UncheckAllFlags").on("click",function(){ $(".flag").attr("disabled", false); + [% IF disable_superlibrarian_privs %] + $("#flag-0").prop("disabled", true); + [% END %] $(".flag").prop("checked", false); return false; });