From ffd14c3d285c34fb5728d71d051fce022bf1f316 Mon Sep 17 00:00:00 2001 From: Fridolin Somers Date: Fri, 15 Sep 2017 11:12:01 +0200 Subject: [PATCH] Bug 19323: subscription edit permission issue If a librarian has edit_subscription but not create_subscription : When trying to edit a subscription, after saving permission is denied. This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving. Test plan : - Create a user with staff access - Define its permissions on serials : only edit_subscription - Edit a subscription - Click 'Next' - Click 'Test prediction pattern' - Click 'Save subscription' => Without patch you get to page serials/subscription-add.pl with permission denied => With patch subscription is saved and you get to subscription details page Signed-off-by: Caroline Cyr La Rose Signed-off-by: Kyle M Hall Signed-off-by: Jonathan Druart (cherry picked from commit 12bd6358cfe6c9348cb111d22f04097f7911babf) Signed-off-by: Fridolin Somers (cherry picked from commit fe386c172496159198b34383c3080185de7ae0af) Signed-off-by: Katrin Fischer --- serials/subscription-add.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/serials/subscription-add.pl b/serials/subscription-add.pl index f66b650f89..6d432a87de 100755 --- a/serials/subscription-add.pl +++ b/serials/subscription-add.pl @@ -44,7 +44,8 @@ my $sub_length; # Permission needed if it is a modification : edit_subscription # Permission needed otherwise (nothing or dup) : create_subscription -my $permission = ($op eq "modify") ? "edit_subscription" : "create_subscription"; +my $permission = + ( $op eq 'modify' || $op eq 'modsubscription' ) ? "edit_subscription" : "create_subscription"; my ($template, $loggedinuser, $cookie) = get_template_and_user({template_name => "serials/subscription-add.tt", -- 2.39.5