http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390
Edgar Fuß <e...@math.uni-bonn.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |e...@math.uni-bonn.de
--- Comment #1 from Edgar Fuß <e...@math.uni-bonn.de> 2011-07-31 13:47:03 UTC
---
As I need this functionality too, I just implemented the ``see mine/my
branch/all'' suggestion.
I added a new syspref, AcqViewBaskets, taking the values user/branch/all.
The required MySQL statement to add this to the database is:
INSERT INTO `systempreferences` (variable,value,options,explanation,type)
VALUES ('AcqViewBaskets','user','user|branch|all','Define which baskets a user
is allowed to view: his own only, any within his branch or all','Choice');
I don't feel comfortable enough with the automatic version tracking/database
updating machinery to implement the changes need for that.
For the change proper, see attached patch.
However, that's all no real security as long as you can just pass ?basketno=nnn
to all of the scripts handling baskets. You either have to change these or to
randomise basket numbers.
--
Configure bugmail:
http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
