From 0e40d8d3d185cf56d23d94a065118da7fd0c9d81 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 19 Aug 2021 15:07:50 +0200 Subject: [PATCH] Bug 28882: permission UI allows selection of superlibrarian permission With bug 20100 and 22150 we allow to select all the permissions but the superlibrarian permission, to ease the selection. And we also forbid a non-superlibrarian user to add superlibrarian permission. However there is something wrong in the JS code and it's possible to add the superlibrarian permission. The user is getting an ugly 500 and so the permission change is not done, but the UI checks must be fixed. To recreate: Login with a non-superlibrarian user Edit permission Clear all => You can select the "superlibrarian" permission Test plan: Login with a non-superlibrarian user Try to set the superlibrarian permissions to a user => not possible Try the select all/clear all => still cannot set the superlibrarian permission Work to be done: Login with a non-superlibrarian user Edit permissions for a superlibrarian user => You can remove it, then cannot add it back Should we allow removal of superlibrarian permission by non-superlibrarian user? Signed-off-by: Hayley Pelham Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall --- .../prog/en/modules/members/member-flags.tt | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt index 1a87c6af3a..d2f4156f51 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt @@ -69,14 +69,14 @@ [% END %] [% IF ( loo.checked ) %] [% IF disable_superlibrarian_privs && loo.bit == 0 %] - - + + [% ELSE %] [% END %] [% ELSE %] [% IF disable_superlibrarian_privs && loo.bit == 0 %] - + [% ELSE %] [% END %] @@ -131,10 +131,16 @@ $(".flag").attr("disabled", false); $(".flag").prop("checked", true); $("#flag-0").prop("checked", false); + [% IF disable_superlibrarian_privs %] + $("#flag-0").prop("disabled", true); + [% END %] return false; }); $("#UncheckAllFlags").on("click",function(){ $(".flag").attr("disabled", false); + [% IF disable_superlibrarian_privs %] + $("#flag-0").prop("disabled", true); + [% END %] $(".flag").prop("checked", false); return false; }); -- 2.39.5