From 2880d40bf0d5e1b98809eaf57be018e0224a6472 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Fri, 19 Feb 2021 10:12:32 +0000 Subject: [PATCH] Bug 27716: Update permissions for patroncards creator The various subpages of the label creator tool we're under the 'catalogue' permission. There is however a 'label_creator' subpermission of tools which is more appropriate. Test plan 1/ Setup a user with just the 'catelogue' permission (to enable logging into the staff interface) 2/ With the patch applied you should not be able to access the following pages (either via navigation in the UI or by typing them into the browser address bar directly) - /patroncards/add_user_search.pl - /patroncards/edit-batch.pl - /patroncards/edit-layout.pl - /patroncards/edit-profile.pl - /patroncards/edit-template.pl - /patroncards/home.pl - /patroncards/image-manage.pl - /patroncards/manage.pl - /patroncards/print.pl 3/ Signoff Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart (cherry picked from commit bc5decc913b34468b1355925dc8ba260b060365c) Signed-off-by: Fridolin Somers --- patroncards/add_user_search.pl | 2 +- patroncards/edit-batch.pl | 2 +- patroncards/edit-layout.pl | 2 +- patroncards/edit-profile.pl | 2 +- patroncards/edit-template.pl | 2 +- patroncards/home.pl | 2 +- patroncards/image-manage.pl | 2 +- patroncards/manage.pl | 2 +- patroncards/print.pl | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/patroncards/add_user_search.pl b/patroncards/add_user_search.pl index 5c250e81ce..b01cf6a5df 100755 --- a/patroncards/add_user_search.pl +++ b/patroncards/add_user_search.pl @@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie, $staff_flags ) = get_template_and_user( { template_name => "common/patron_search.tt", query => $input, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, } ); diff --git a/patroncards/edit-batch.pl b/patroncards/edit-batch.pl index 992c58a753..e00b01144b 100755 --- a/patroncards/edit-batch.pl +++ b/patroncards/edit-batch.pl @@ -37,7 +37,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/edit-batch.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/edit-layout.pl b/patroncards/edit-layout.pl index 8e415afa6b..b50c221c02 100755 --- a/patroncards/edit-layout.pl +++ b/patroncards/edit-layout.pl @@ -36,7 +36,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/edit-layout.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/edit-profile.pl b/patroncards/edit-profile.pl index e5ceb08b07..7ca0e70117 100755 --- a/patroncards/edit-profile.pl +++ b/patroncards/edit-profile.pl @@ -33,7 +33,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/edit-profile.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/edit-template.pl b/patroncards/edit-template.pl index cce2a8f5ec..6ec791a223 100755 --- a/patroncards/edit-template.pl +++ b/patroncards/edit-template.pl @@ -34,7 +34,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/edit-template.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/home.pl b/patroncards/home.pl index 7bb2bc41a1..884f4874d9 100755 --- a/patroncards/home.pl +++ b/patroncards/home.pl @@ -31,7 +31,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/home.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/image-manage.pl b/patroncards/image-manage.pl index e3e38b9db3..388f2af688 100755 --- a/patroncards/image-manage.pl +++ b/patroncards/image-manage.pl @@ -19,7 +19,7 @@ my ($template, $loggedinuser, $cookie) = get_template_and_user({ template_name => "patroncards/image-manage.tt", query => $cgi, type => "intranet", - flagsrequired => {tools => 'batch_upload_patron_images'}, # FIXME: establish flag for patron card creator + flagsrequired => {tools => 'label_creator'}, debug => 0, }); diff --git a/patroncards/manage.pl b/patroncards/manage.pl index 4ea36eb9d0..62d0ee78a5 100755 --- a/patroncards/manage.pl +++ b/patroncards/manage.pl @@ -37,7 +37,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/manage.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); diff --git a/patroncards/print.pl b/patroncards/print.pl index 60cff0ea87..03382824e2 100755 --- a/patroncards/print.pl +++ b/patroncards/print.pl @@ -33,7 +33,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "patroncards/print.tt", query => $cgi, type => "intranet", - flagsrequired => { catalogue => 1 }, + flagsrequired => { tools => 'label_creator' }, debug => 1, } ); -- 2.39.5