The script catalogue/getitem-ajax.pl is called by acqui/orderreceive.pl
when item is receipt.
There is not auth check done, this means anybody can retrieve item info.
Test plan:
With the acquisition => order_receive permission, try to receive an
item.
It should work.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Very easy to test.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If AcqCreateItem=ordering, when you receive an order, you now have a
list of all created items and checkboxes that permit you to choose which
items you want to receive.
A 'Edit' link open additem.pl page in a popup to allow you edit the
items before receiving them (popup is automatically closed after
modification, and items table is automatically updated)
If quantity is set manually in the text box, the appropriate number of
checkbox are checked from top to bottom and a warning shows up if
quantity is greater than order quantity
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
