From cbeed6cf3db342e025b4d837ab135136d39a140e Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Sun, 3 Jun 2018 10:09:23 +0200 Subject: [PATCH] Bug 20861: Correct EDI permissions on EDI messsages The permission for EDI is edi_manage, but 2 pages asked for manage_edi, allowing users not to access those. To test: - Add edi_manage to your permissions - Try to access the EDIFACT messages from the acq start page - Verify it doesn't work - Apply patch and try again - You should be able to access the page now - Try to access the other page directly (if you don't have EDI data): /cgi-bin/koha/acqui/edimsg.pl - Verify you can access the page and don't get a permission error Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize (cherry picked from commit 7883b19de5f24551b36bf29133b04bc71ad4d56a) Signed-off-by: Fridolin Somers
---
 acqui/edifactmsgs.pl | 2 +- acqui/edimsg.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/acqui/edifactmsgs.pl b/acqui/edifactmsgs.pl
index 608eaff0a9..effa918c1e 100755
--- a/acqui/edifactmsgs.pl
+++ b/acqui/edifactmsgs.pl
@@ -32,7 +32,7 @@ my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user(
 query => $q,
 type => 'intranet',
 authnotrequired => 0,
- flagsrequired => { acquisition => 'manage_edi' },
+ flagsrequired => { acquisition => 'edi_manage' },
 debug => 1,
 }
 );
diff --git a/acqui/edimsg.pl b/acqui/edimsg.pl
index c3547f025b..122b95a177 100755
--- a/acqui/edimsg.pl
+++ b/acqui/edimsg.pl
@@ -32,7 +32,7 @@ my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user(
 query => $q,
 type => 'intranet',
 authnotrequired => 0,
- flagsrequired => { acquisition => 'manage_edi' },
+ flagsrequired => { acquisition => 'edi_manage' },
 debug => 1,
 }
 );
-- 2.39.5
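Review bot: The subpermission in `flagsrequired => { acquisition => 'edi_manage' }` is still a bare string literal, and nothing visible in this hunk checks it against the set of defined permissions, so the same misspelling can recur unnoticed; the identical line in acqui/edimsg.pl has the same exposure. The old typo failed closed, refusing users who held edi_manage. A page that names a non-existent subpermission is hard to spot in review, though, because it presumably stays reachable only for accounts that pass the check without that specific flag. A small test that collects every `flagsrequired` subpermission string from the scripts and asserts that each one exists in the permission definitions would catch this class of error. Whether get_template_and_user already warns on unknown names cannot be told from here, since the call begins above the hunk.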