Bug 7002: fix some invalid superlibrarian permission checks
This patch fixes a problem where if a staff user has superlibrarian
permissions, but also has module-specific permissions, they are
prevent from editing item records that they should be allowed to.
To test:
[1] Turn on IndependentBranches.
[2] Register a superlibrarian staff user at branch A.
[3] Give that new account at least one other module-level
permission. This cannot be done through the user interface,
however, but can be done via SQL:
UPDATE borrowers SET flags = 3 WHERE userid = 'XXX';
[4] Log in as that new superlibrarian.
[5] Bring up the item details (catalogue/moredetail.pl) page for
an item at branch B. Note that there is no 'Edit Item' link.
[6] Similarly, try editing that item (cataloging/additem.pl). Note
that the edit form forbids you from touching the item.
[7] Finally, try editing that item using the Tools | Batch item
modification utility. Note that it doesn't allow you to do so.
[8] Apply the patch.
[9] Repeat steps 5 through 7. This time, the item actions should
be allowed.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes QA script and test suite.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
(cherry picked from commit
bb750253644e0ba6ea04e36c80088626e8163bf2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
projects / koha.git / commit