Browse Source

Bug 26721: Fix permission check on debit and credit type admin pages

At the moment the pages falsely check for parameters_remaining_permissions,
but they should check the specific manage_accounts permission.

To test:
- Create a new staff user with only catalog and manage_acccounts
  permissions
- Log in with this staff user and go to the admin page
- You will see the debit and credit type sections, but won't be
  able to access them
- Apply the patch
- Veriy the links still show, but pages are now accessible

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
20.11.x
Katrin Fischer 11 months ago
committed by Jonathan Druart
parent
commit
915b4431e5
  1. 2
      admin/credit_types.pl
  2. 2
      admin/debit_types.pl

2
admin/credit_types.pl

@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "admin/credit_types.tt",
query => $input,
type => "intranet",
flagsrequired => { parameters => 'parameters_remaining_permissions' },
flagsrequired => { parameters => 'manage_accounts' },
debug => 1,
}
);

2
admin/debit_types.pl

@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "admin/debit_types.tt",
query => $input,
type => "intranet",
flagsrequired => { parameters => 'parameters_remaining_permissions' },
flagsrequired => { parameters => 'manage_accounts' },
debug => 1,
}
);

Loading…
Cancel
Save