Bug 13910: Prevent delete of one's own patron account
author Marc Véron <veron@veron.ch>
Thu, 23 Apr 2015 20:50:17 +0000 (22:50 +0200)
committer Chris Cormack <chrisc@catalyst.net.nz>
Sun, 17 May 2015 22:57:11 +0000 (10:57 +1200)
commit 1b5ec8c50926f7c0e9e84c701ea4a4a635cd73ea
tree 6880cfe65765e0f7c65be3f2d2a1a3300bfe432e
parent 7a5abcdcdd5e5e9ff1ecc29f40abf5618831ab87
Bug 13910: Prevent delete of one's own patron account

This patch adds a check to prevent deleting the user's own account.
Additionally, it fixes a "missing link" in moremember.pl and wrong comparisons in moremember.tt regarding other forbidden deletions.

To test:
- Apply patch
- Create a user with sufficient privileges to delete users
- Log in as this new user
- Try to delete this user. Confirm message box "Are you sure..."
- Confirm that you get a message "Not allowed to delete own account" and that the user still exists.

Bonus test:
Try to trigger other forbidden deletions (see members/deletemem.pl): 'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE'
(You can fake it by using a URL like: /cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF etc.)
Without patch, no message appears. With patch, messages appear as appropriate.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Attempted all CANT combinations. From reading the code,
this is kind of an important patch, because I'm not sure
deleting error messages work at all right now based on what
I read.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 1a54f0916ed96ae717cdca8ece53cf5998bafec3)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt
members/deletemem.pl
members/moremember.pl