projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2c3a11f) | patch
Bug 29542: Prevent access to private list to non authorized users
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)
committerFridolin Somers <fridolin.somers@biblibre.com>
Thu, 3 Feb 2022 07:05:29 +0000 (21:05 -1000)
commitef85122b1dad86637b652460ee898f6cc2931669
tree3a1a158e85657f695441b6d69552921da8c8c1a8tree | snapshot
parent2c3a11f138247c53df306667f421857ef2a3977acommit | diff
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/sendshelfform.tt diff | blob | history
virtualshelves/sendshelf.pl diff | blob | history
Main Koha release repository