From 915b4431e5d8cb45c644bb383adbccc41813e4fc Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Sun, 18 Oct 2020 15:14:48 +0000 Subject: [PATCH] Bug 26721: Fix permission check on debit and credit type admin pages At the moment the pages falsely check for parameters_remaining_permissions, but they should check the specific manage_accounts permission. To test: - Create a new staff user with only catalog and manage_acccounts permissions - Log in with this staff user and go to the admin page - You will see the debit and credit type sections, but won't be able to access them - Apply the patch - Veriy the links still show, but pages are now accessible Signed-off-by: Chris Cormack Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart --- admin/credit_types.pl | 2 +- admin/debit_types.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/credit_types.pl b/admin/credit_types.pl index 848a00b73e..48ec9b49d4 100755 --- a/admin/credit_types.pl +++ b/admin/credit_types.pl @@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "admin/credit_types.tt", query => $input, type => "intranet", - flagsrequired => { parameters => 'parameters_remaining_permissions' }, + flagsrequired => { parameters => 'manage_accounts' }, debug => 1, } ); diff --git a/admin/debit_types.pl b/admin/debit_types.pl index 5f7081d09e..7d0f6e840f 100755 --- a/admin/debit_types.pl +++ b/admin/debit_types.pl @@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "admin/debit_types.tt", query => $input, type => "intranet", - flagsrequired => { parameters => 'parameters_remaining_permissions' }, + flagsrequired => { parameters => 'manage_accounts' }, debug => 1, } ); -- 2.39.5