]> git.koha-community.org Git - koha.git/commit
Bug 26023: Properly secure the cashup action for libraries
authorMartin Renvoize <martin.renvoize@ptfs-europe.com>
Mon, 20 Jul 2020 08:44:05 +0000 (09:44 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 24 Aug 2020 08:12:42 +0000 (10:12 +0200)
commit4356e678f2254707c48a6f89658ed089a6b9e662
treea699bfd35dd5da57a35e35c1e3850de4a6ac2e94
parenta4998b7d5758b0bee682fa7485d66390a3657a20
Bug 26023: Properly secure the cashup action for libraries

The libraries summary page for cash management is available for users
wit the 'anonymous_refund' permission to allow them to navigate to
alternate cash registers and search for the prior transaction to refund.

However, currently the cashup option appears, and is not blocked at the
server, for all user who may access the page. It should be blocked for
those users without the 'cashup' permission.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/pos/registers.tt
pos/registers.pl