]> git.koha-community.org Git - koha.git/commit
Bug 29542: Prevent access to private list to non authorized users
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)
committerAndrew Fuerste-Henry <andrew@bywatersolutions.com>
Fri, 28 Jan 2022 14:17:15 +0000 (14:17 +0000)
commit718c57367e30dfea247d8ca815e1a8b401a9da3c
tree8721149ac431d49979f5747f3fdcb531bc998ad2
parent4b1acb7a3a01fbe900c949798685de95877580ce
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/sendshelfform.tt
virtualshelves/sendshelf.pl