]> git.koha-community.org Git - koha.git/commit
Bug 13910: Prevent delete of one's own patron account
authorMarc Véron <veron@veron.ch>
Thu, 23 Apr 2015 20:50:17 +0000 (22:50 +0200)
committerTomas Cohen Arazi <tomascohen@gmail.com>
Thu, 14 May 2015 14:45:40 +0000 (11:45 -0300)
commit1a54f0916ed96ae717cdca8ece53cf5998bafec3
tree038a616c83b7159f4be527faac55c484d1f5f956
parentb678c7359e2e7fe33d58d936f3227990911d43b6
Bug 13910: Prevent delete of one's own patron account

This patch adds a check to prevent deleting the user's own account.
Additionali it fixes a "missing link" in moremember.pl and wrong comparisions in moremember.tt regarding other forbidden deleting.

To test:
- Apply patch
- Create a user with sufficient privileges to delete users
- Log in as this new user
- Try to delete this user. Confirm message box "Are you sure..."
- Confirm that you get a message "Not allowed to delete own account" and that the user still exists.

Bonus test:
Try to trigger other forbidden deletions (see members/deletemem.pl): 'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE'
(You can fake it by using an URL like: /cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF  etc.)
Without patch, no message appears. With patch, messages appear as appropriate.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Attempted all CANT combinations. From reading the code,
this is kind of an important patch, because I'm not sure
deleting error messages work at all right now based on what
I read.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/moremember.tt
members/deletemem.pl
members/moremember.pl