]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5f526a) | patch
Bug 20100: Disallow access to superlib privileges at server side
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Wed, 31 Jan 2018 14:02:36 +0000 (15:02 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 25 Apr 2018 13:23:53 +0000 (10:23 -0300)
commitf26b68a07f8ac8e5dd47a1e478e47507e424453a
treedd26a6b5adf2fadfac6a5e6189c13995aa7df22dtree | snapshot
parenta5f526ae0fc488607cf766335626294d6027a406commit | diff
Bug 20100: Disallow access to superlib privileges at server side

Depends on pref ProtectSuperlibPrivs.
If enabled, script member-flags.pl will not allow you to add or remove
superlib privs when you are no superlibrarian.
The follow-up patch will enable the check at client side.

Test plan:
[1] Enable the pref. Do not apply the third patch (client side).
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you have an internal server error when
    you add or remove superlib privs. The log contains a warning.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
members/member-flags.pl diff | blob | history
Main Koha release repository