From ccf62d46d7143965086fae7770c2fb27031e1bb6 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Wed, 31 Jan 2018 16:47:23 +0100 Subject: [PATCH] Bug 20100: Disallow access to superlibrarian privileges at client side This last patch activates the check at client side. If the pref ProtectSuperlibPrivs is enabled, non-superlibs should not be able to change superlibrarian privileges via the interface. Test plan: [1] Enable the pref. [2] Login as superlib and add/remove superlib privs to a staff user. [3] Login as another user (no superlib, but having borrowers, permissions and staff_access). Verify that you cannot add or remove superlib privs. Signed-off-by: Marcel de Rooy Signed-off-by: JM Broust Signed-off-by: Nick Clemens Signed-off-by: Jonathan Druart --- .../intranet-tmpl/prog/en/modules/members/member-flags.tt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt index d380187b65..f5631f2001 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt @@ -122,6 +122,12 @@ } }); + [% IF disable_superlibrarian_privs %] + $("input#flag-0").attr("disabled", true); + $("form").submit(function(e) { + $("input#flag-0").removeAttr("disabled"); + }); + [% END %] }); // manage checking/unchecking parent permissions -- 2.39.5