https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17423

Fridolin SOMERS <fridolin.som...@biblibre.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #56134|0                           |1
        is obsolete|                            |

--- Comment #3 from Fridolin SOMERS <fridolin.som...@biblibre.com> ---
Created attachment 56136
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56136&action=edit
Bug 17423 - patronimage.pl permission is too restrictive

Bug 14566 added the permission "borrowers" on patronimage.pl.
This perm is too restrictive because circulation pages also uses this page.

I propose to simply use "catalogue" perm.

Test plan
- Set an image to borrower xx
- Create a user with only catalogue permission
- Log with this user
- Go to page (replace xx by borrower number) :
/cgi-bin/koha/members/patronimage.pl?borrowernumber=xx
=> Without patch you get 403 error
=> With patch you get the image
- Log out and test the page patronimage.pl
=> You get 403 error

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to