From 12bd6358cfe6c9348cb111d22f04097f7911babf Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Fri, 15 Sep 2017 11:12:01 +0200 Subject: [PATCH] Bug 19323: subscription edit permission issue If a librarian has edit_subscription but not create_subscription : When trying to edit a subscription, after saving permission is denied. This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving. Test plan : - Create a user with staff access - Define its permissions on serials : only edit_subscription - Edit a subscription - Click 'Next' - Click 'Test prediction pattern' - Click 'Save subscription' => Without patch you get to page serials/subscription-add.pl with permission denied => With patch subscription is saved and you get to subscription details page Signed-off-by: Caroline Cyr La Rose Signed-off-by: Kyle M Hall Signed-off-by: Jonathan Druart --- serials/subscription-add.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/serials/subscription-add.pl b/serials/subscription-add.pl index 1849ed71cd..16d397bae8 100755 --- a/serials/subscription-add.pl +++ b/serials/subscription-add.pl @@ -46,7 +46,8 @@ my $sub_length; # Permission needed if it is a modification : edit_subscription # Permission needed otherwise (nothing or dup) : create_subscription -my $permission = ($op eq "modify") ? "edit_subscription" : "create_subscription"; +my $permission = + ( $op eq 'modify' || $op eq 'modsubscription' ) ? "edit_subscription" : "create_subscription"; my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "serials/subscription-add.tt", -- 2.39.5