From 4f0c8e3c88cb43f21f70e4d776442b489ee3f5dc Mon Sep 17 00:00:00 2001 From: Katrin Fischer Date: Sun, 3 Jun 2018 10:09:23 +0200 Subject: [PATCH] Bug 20861: Correct EDI permissions on EDI messsages The permission for EDI is edi_manage, but 2 pages asked for manage_edi, allowing users not to access those. To test: - Add edi_manage to your permissions - Try to access the EDIFACT messages from the acq start page - Verify it doesn't work - Apply patch and try again - You should be able to access the page now - Try to access the other page directly (if you don't have EDI data): /cgi-bin/koha/acqui/edimsg.pl - Verify you can access the page and don't get a permission error Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens --- acqui/edifactmsgs.pl | 2 +- acqui/edimsg.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/acqui/edifactmsgs.pl b/acqui/edifactmsgs.pl index c706d9248b..12e22570f7 100755 --- a/acqui/edifactmsgs.pl +++ b/acqui/edifactmsgs.pl @@ -31,7 +31,7 @@ my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( query => $q, type => 'intranet', authnotrequired => 0, - flagsrequired => { acquisition => 'manage_edi' }, + flagsrequired => { acquisition => 'edi_manage' }, debug => 1, } ); diff --git a/acqui/edimsg.pl b/acqui/edimsg.pl index acc5beadb1..af6771fea7 100755 --- a/acqui/edimsg.pl +++ b/acqui/edimsg.pl @@ -31,7 +31,7 @@ my ( $template, $loggedinuser, $cookie, $userflags ) = get_template_and_user( query => $q, type => 'intranet', authnotrequired => 0, - flagsrequired => { acquisition => 'manage_edi' }, + flagsrequired => { acquisition => 'edi_manage' }, debug => 1, } ); -- 2.39.5