http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390
Edgar Fuß <e...@math.uni-bonn.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |e...@math.uni-bonn.de --- Comment #1 from Edgar Fuß <e...@math.uni-bonn.de> 2011-07-31 13:47:03 UTC --- As I need this functionality too, I just implemented the ``see mine/my branch/all'' suggestion. I added a new syspref, AcqViewBaskets, taking the values user/branch/all. The required MySQL statement to add this to the database is: INSERT INTO `systempreferences` (variable,value,options,explanation,type) VALUES ('AcqViewBaskets','user','user|branch|all','Define which baskets a user is allowed to view: his own only, any within his branch or all','Choice'); I don't feel comfortable enough with the automatic version tracking/database updating machinery to implement the changes need for that. For the change proper, see attached patch. However, that's all no real security as long as you can just pass ?basketno=nnn to all of the scripts handling baskets. You either have to change these or to randomise basket numbers. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/