]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a865baa) | patch
Bug 29542: Prevent access to private list to non authorized users
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)
committerWainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Sun, 30 Jan 2022 23:30:36 +0000 (23:30 +0000)
commit7b00bf7ddbdf3e763f3644ad8527ccba05504323
treed25842714e92d6d6394936913b6aafbcdc49d101tree | snapshot
parenta865baaee766fb735a715f3c32338426043d7ca3commit | diff
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6ca49b550e54a0f1729c5d23838256a0e4542f91)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 2c41540b3bca62f8194b8392a283325411780ace)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/sendshelfform.tt diff | blob | history
virtualshelves/sendshelf.pl diff | blob | history
Main Koha release repository