]> git.koha-community.org Git - koha.git/commit
Bug 29542: Prevent access to private list to non authorized users
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)
committerVictor Grousset/tuxayo <victor@tuxayo.net>
Mon, 31 Jan 2022 18:15:45 +0000 (19:15 +0100)
commit0bb3edf936b6813dbbe1c12cac792ccc90d7f965
tree77de8ccc5a5c499fcb74aa8976d9fe383912f209
parent3afe1ccb6d1ca01d5549a26583e31bb6c4eda674
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6ca49b550e54a0f1729c5d23838256a0e4542f91)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/sendshelfform.tt
virtualshelves/sendshelf.pl