git.koha-community.org Git - koha.git/commit

Bug 18756: Users can view aq.baskets even if they are not allowed

Due to bad use of grep syntax if there is one or more Basket Users the result of grep is not equal to 0 and the borrower is allowed.

Test plan :
1- select system preference 'AcqViewBaskets' on 'user'
2- create 2 borrowers (A, B) with only permissions on acquisition :
group_manage
order_manage
order_receive
staff
3- login with A and create a basket
4- add a basquet manager other than B
5- relog with account B
6- you can see the basket

Apply the patch.
The basket is no longer visible.
1- relog with A
2- add basquet manager B
3- relog with B
5- you must see the basket

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>

author	Christophe Croullebois <christophe.croullebois@biblibre.com>
	Thu, 8 Jun 2017 13:17:56 +0000 (13:17 +0000)
committer	Mason James <mtj@kohaaloha.com>
	Sun, 30 Jul 2017 13:02:08 +0000 (01:02 +1200)
commit	00f1a3023f143b1f2fcb854ceb45d0a2e1d48f2a
tree	c6a4a51b8f50d6daee0fda13d67f375f1872cafa	tree \| snapshot
parent	478e0797b7f233b3536e2361f41f8688311d1ec7	commit \| diff