1a54f0916e
This patch adds a check to prevent deleting the user's own account. Additionali it fixes a "missing link" in moremember.pl and wrong comparisions in moremember.tt regarding other forbidden deleting. To test: - Apply patch - Create a user with sufficient privileges to delete users - Log in as this new user - Try to delete this user. Confirm message box "Are you sure..." - Confirm that you get a message "Not allowed to delete own account" and that the user still exists. Bonus test: Try to trigger other forbidden deletions (see members/deletemem.pl): 'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE' (You can fake it by using an URL like: /cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF etc.) Without patch, no message appears. With patch, messages appear as appropriate. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> NOTE: Attempted all CANT combinations. From reading the code, this is kind of an important patch, because I'm not sure deleting error messages work at all right now based on what I read. Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> |
||
|---|---|---|
| .. | ||
| css | ||
| data | ||
| includes | ||
| js | ||
| lib/yui | ||
| modules | ||
| xslt | ||
| columns.def | ||