http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14321

Marcel de Rooy <m.de.r...@rijksmuseum.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #41561|0                           |1
        is obsolete|                            |

--- Comment #17 from Marcel de Rooy <m.de.r...@rijksmuseum.nl> ---
Created attachment 41667
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=41667&action=edit
Bug 14321: Fix permissions check in upload-file.pl

This fixes an error in one of the patches of bug 6874.
The userid of the Koha admin user is passed to haspermission, but we
should pick the userid from the session.

NOTE: Bug 14686 will add a specific permission for tools/upload.pl. At
that time we can add the script to the Tools menu too. For now, you
need edit_catalogue to start upload.pl and you will additionally need
a permission like upload_local_cover_images (see tools/upload-file) to
successfully upload a new file. Searching for files and copying URLs
to the editor can still be done with edit_catalogue.

Test plan:
[1] Pick a staff user that only has catalogue and edit_catalogue.
[2] Without this patch, you can upload a file on tools/upload.pl.
[3] Apply this patch.
[4] Retry. Should not work: Upload status is Denied.
[5] Login with enough permissions. Upload again.

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to