Main Koha release repository https://koha-community.org
Petro Vashchuk 921e3ac50f Bug 28759: limit accessibility for "Manage API keys"
This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.

The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.

To reproduce:
1) create/pick existing patron, set "Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
view patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add and delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2021-09-15 10:46:24 -04:00
acqui Bug 28881: (bug 23376 follow-up) Fix suggestion display on order receive page 2021-09-03 09:55:04 -04:00
admin Bug 28912: Prevent Pseudonymization to be set if bcrypt_settings not set 2021-09-10 08:06:14 -04:00
api Bug 28480: Add q parameters for GET /patrons 2021-07-09 09:09:31 -04:00
authorities Bug 28160: Values from 150$a aren't prefilled in z39.50 search form from an existing authority record 2021-05-10 15:52:53 +02:00
basket Bug 27268: (QA follow-up) Add Koha::Biblios to basket scripts 2021-03-09 17:20:47 +01:00
bin
C4 Bug 28373: [21.05] Fix transformMARCXML4XSLT export in C4::XSLT 2021-09-10 08:11:05 -04:00
catalogue Bug 28554: In itemsearch sort item types filter by description 2021-09-03 10:47:08 -04:00
cataloguing Bug 28533: Set subfields to 'undef' if whole field request in itemcallnumebr system preference 2021-08-06 11:11:45 -04:00
circ Bug 28581: Use 'from_email_address' where appropriate 2021-07-09 09:05:48 -04:00
clubs
course_reserves
debian Bug 28749: Restore the database name to Koha dumps 2021-08-06 07:46:44 -04:00
docs Bug 28476: Update info in docs/teams.yaml file 2021-07-02 09:26:43 -04:00
errors
etc Bug 28620: Remove trailing space when logging with log4perl 2021-07-30 10:32:28 -04:00
ill
installer Bug 28373: [21.05.x] Add PassItemMarcToXSLT system preference 2021-09-03 13:04:38 -04:00
Koha Bug 26195: Add a way to specify authorised values should be expanded [OAI] 2021-09-03 11:17:51 -04:00
koha-tmpl Bug 28759: limit accessibility for "Manage API keys" 2021-09-15 10:46:24 -04:00
labels
lib/CGI/Session/Serialize Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-18 11:23:42 -04:00
members Bug 28759: limit accessibility for "Manage API keys" 2021-09-15 10:46:24 -04:00
misc Fix release notes for 21.05.03 release 2021-08-24 11:02:07 -04:00
offline_circ
opac Bug 28941: Deal with OPACSuggestionUnwantedFields 2021-09-15 10:46:04 -04:00
patron_lists
patroncards Bug 23271: Replace search_limited with search_with_library_limits 2021-04-21 15:25:07 +02:00
plugins
pos Bug 28368: Add fallback language for anonymous payment receipts 2021-05-27 14:12:24 +02:00
reports Bug 28804: (bug 25026 follow-up) Handle SQL errors in reports 2021-08-13 07:28:41 -04:00
reserve Bug 7703: (QA follow-up) 2021-09-03 10:49:48 -04:00
reviews
rotating_collections Bug 26618: (QA follow-up) Fix unit test for TranferCollection change 2021-03-03 15:36:13 +01:00
serials Bug 23243: Adjust previous patch 2021-04-21 15:25:07 +02:00
services
skel
suggestion Bug 28581: Use 'from_email_address' where appropriate 2021-07-09 09:05:48 -04:00
svc Bug 27061: Remove duplicate permission check in svc/mana/search 2021-04-30 17:07:32 +02:00
t Bug 28929: Add selenium tests 2021-09-15 10:05:16 -04:00
tags
tmp/modified_authorities
tools Bug 28835: Fix ability to pass list contents to batch record modification 2021-08-13 07:37:06 -04:00
virtualshelves
xt Bug 28370: Rewrite tests 2021-05-25 09:28:18 +02:00
.editorconfig
.eslintrc.json
.gitignore
.htaccess
.mailmap Bug 28386: Disambiguate Tomas and Blou 2021-05-26 12:30:59 +02:00
.perlcriticrc
.scss-lint.yml
about.pl Bug 28490: Revert "Bug 26995: Remove references to relationship column" 2021-06-18 07:47:34 -04:00
app.psgi
changelanguage.pl
cpanfile Bug 28317: Use the default CGI::Session serializer 2021-05-19 14:45:32 +02:00
fix-perl-path.PL
gulpfile.js
help.pl
INSTALL
Koha.pm Bug 28774: DBRev 21.05.03.001 2021-09-03 11:15:53 -04:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-18 11:23:42 -04:00
MANIFEST.SKIP
package.json Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00
README
README.md
README.robots
rewrite-config.PL Bug 28519: Put CGI::Session::Serialize::yamlxs in lib directory 2021-06-18 11:23:42 -04:00
yarn.lock Bug 27939: Update yarn.lock file 2021-03-16 12:04:06 +01:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
