Bug 29903: Prevent messages to be deleted from unauthorised users
The "Delete" link is hidden but the controller does not do the necessary checks.
/cgi-bin/koha/circ/del_message.pl?message_id=1&borrowernumber=5&from=moremember
Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>