Bug 23634: Prevent non-superlibrarians from editing superlibarian emails
This patchset prevents a non-superlibrarian user from editing a
superlibrarians email address via memberentry. This is to prevent a
privilege escalation vulnerability whereby a user could update a
superlibrarians contact details to match their own and then request a
password reset via the OPAC.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>