From 59238c74308f2d12b15099ad49b210befe2c6076 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Mon, 22 Nov 2021 07:55:47 +0000 Subject: [PATCH] Bug 29540: Raise flagsrequired in modrequest Test plan: Try modrequest with a user having only 'catalogue' perms and the following URLs: [1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX Fill the XXs with correct identifiers for some item level hold. [2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX Fill the XX with borrowernumber for borrower that has pending holds. You should see: Error: You do not have permission to access this page. Signed-off-by: Marcel de Rooy [AMENDED] More consensus for using reserveforothers than circulate_remaining. Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart Signed-off-by: Andrew Fuerste-Henry --- reserve/modrequest.pl | 3 ++- reserve/modrequest_suspendall.pl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/reserve/modrequest.pl b/reserve/modrequest.pl index b2d138378a..233671d876 100755 --- a/reserve/modrequest.pl +++ b/reserve/modrequest.pl @@ -36,8 +36,9 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "about.tt", query => $query, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { reserveforothers => 1 }, debug => 1, + flagsrequired => { reserveforothers => 1 }, } ); diff --git a/reserve/modrequest_suspendall.pl b/reserve/modrequest_suspendall.pl index dbe6b227db..72eb8ac29a 100755 --- a/reserve/modrequest_suspendall.pl +++ b/reserve/modrequest_suspendall.pl @@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "about.tt", query => $query, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { reserveforothers => 1 }, debug => 1, } ); -- 2.39.5