Browse Source

Bug 27716: Update permissions for patroncards creator

The various subpages of the label creator tool we're under the
'catalogue' permission. There is however a 'label_creator' subpermission
of tools which is more appropriate.

Test plan
1/ Setup a user with just the 'catelogue' permission (to enable logging
into the staff interface)
2/ With the patch applied you should not be able to access the following
pages (either via navigation in the UI or by typing them into the
browser address bar directly)
  - /patroncards/add_user_search.pl
  - /patroncards/edit-batch.pl
  - /patroncards/edit-layout.pl
  - /patroncards/edit-profile.pl
  - /patroncards/edit-template.pl
  - /patroncards/home.pl
  - /patroncards/image-manage.pl
  - /patroncards/manage.pl
  - /patroncards/print.pl
3/ Signoff

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
master
9 changed files with 9 additions and 9 deletions
  1. +1
    -1
      patroncards/add_user_search.pl
  2. +1
    -1
      patroncards/edit-batch.pl
  3. +1
    -1
      patroncards/edit-layout.pl
  4. +1
    -1
      patroncards/edit-profile.pl
  5. +1
    -1
      patroncards/edit-template.pl
  6. +1
    -1
      patroncards/home.pl
  7. +1
    -1
      patroncards/image-manage.pl
  8. +1
    -1
      patroncards/manage.pl
  9. +1
    -1
      patroncards/print.pl

+ 1
- 1
patroncards/add_user_search.pl View File

@@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie, $staff_flags ) = get_template_and_user(
{ template_name => "common/patron_search.tt",
query => $input,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
}
);



+ 1
- 1
patroncards/edit-batch.pl View File

@@ -37,7 +37,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/edit-batch.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/edit-layout.pl View File

@@ -36,7 +36,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/edit-layout.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/edit-profile.pl View File

@@ -33,7 +33,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/edit-profile.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/edit-template.pl View File

@@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/edit-template.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/home.pl View File

@@ -31,7 +31,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/home.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/image-manage.pl View File

@@ -19,7 +19,7 @@ my ($template, $loggedinuser, $cookie) = get_template_and_user({
template_name => "patroncards/image-manage.tt",
query => $cgi,
type => "intranet",
flagsrequired => {tools => 'batch_upload_patron_images'}, # FIXME: establish flag for patron card creator
flagsrequired => {tools => 'label_creator'},
debug => 0,
});



+ 1
- 1
patroncards/manage.pl View File

@@ -37,7 +37,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/manage.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


+ 1
- 1
patroncards/print.pl View File

@@ -33,7 +33,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
template_name => "patroncards/print.tt",
query => $cgi,
type => "intranet",
flagsrequired => { catalogue => 1 },
flagsrequired => { tools => 'label_creator' },
debug => 1,
}
);


Loading…
Cancel
Save