[Koha-bugs] [Bug 643] Allow override of 'debarred' status

bugzilla-daemon Sat, 04 Oct 2014 18:48:48 -0700

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=643


Nick Clemens <n...@quecheelibrary.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #31837|0                           |1
        is obsolete|                            |

--- Comment #19 from Nick Clemens <n...@quecheelibrary.org> ---
Created attachment 31999
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=31999&action=edit
[SIGNED OFF] Bug 643: QA Followup - server-side verification of permissions

Only allow $force_allow=1 if the logged in user has permissions.

TEST PLAN
---------
Attempt to intentionally override the checkout by passing an
appropriately handcrafted URL.
-- Regardless of the force_allow value, it should be not allowed
   for those lacking the force_checkout permission.

NOTE: I didn't test this. I figured Marc Veron could do that. :)
      (Sorry, couldn't easily get git bz to work with the accent)

Signed-off-by: Nick Clemens <n...@quecheelibrary.org>

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 643] Allow override of 'debarred' status

Reply via email to