Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 839b7c4a5c8bdba62776fdb74c5f2125622a9ff0)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 1c8988377bbd7749a83c9d695419e1ac6f53441e)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>