https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34610
David Nind <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from David Nind <[email protected]> --- I tried to get the hover message with the incorrect text ("The system preference ProtectSuperlibrarian is enabled") to display before applying the patch, but I wasn't able to. (I normally do this so that I can show that the patch fixed the issue.) I think something else is going on here, and I don't think the ProtectSuperlibrarianPrivileges system preference is working as it should. So I will leave for someone else to test that has a better understanding of the code and how permissions work. A couple of other notes: 1. The commit message title needs updating "..Udate.." to "...Update...". 2. To get credit on the dashboard (https://dashboard.koha-community.org/), and to be listed as a Koha developer on the Koha timeline page, please update the assignee for the bug. How I tested ============ This is what I did, with and without the patch applied, as per the test plan (using koha-testing docker (KTD) and the sample data already set up): 1. Set the ProtectSuperlibrarianPrivileges system preference to "Allow only superlibrarians", 2. Set up permissions to test: [1] - User 1 = Henry Acevedo (permissions: superlibrarian permission) - User 2 = Mary Burton (permissions: catalogue, borrowers, and permissions), change password so you can log in as Mary - User 3 = Edna Acosta (permissions: catalogue), so can test anotehr staff patron with minimal access 3. If I login as User 2 (Mary) and go to edit the permissions for User 1 (Henry), I get the login form with the message "Error: You do not have permission to access this page." . This seems correct, Mary has the permission permission, but is not a superlibrarian. As ProtectSuperlibrarianPrivileges is set to "[Allow only superlibrarians] to access/change superlibrarian privileges." (step 1 of the test plan), she should not be able to change the permissions for superlibrarians. So she can't view the permissions page (so can't change them). . Maybe another bug is preventing User 2 (Mary) from viewing User 1's (Henry's) permissions? . Maybe it should be showing the permissions, but not them be changed and display the incorrect hover message? 4. If I repeat step 3, but try to add super librarian permissions to a staff patron who is not a a super librarian (User 3, Edna Acosta), I get the same error as I got for Henery in step 3 above. 5. If I try to set the permissions for another non-staff patron (I chose Lisa Charles, ), I get the hover message but it has the correct system preference name. 6. If I repeat steps 3 to 5, with ProtectSuperlibrarianPrivileges set to "Allow all permitted users", Mary should be able to change the permissions for superlibrarians and add superlibrarian privileges to other patrons: . Mary trying to change Henry's permissions: can't change, get "Error: You do not have permission to access this page." . Mary trying to change Edna's permissions: can't change get "Error: You do not have permission to access this page." . Mary trying to change Lisa's permissions (K - Kid patron category): I can change to a superlibrarian! 7. I applied the patch and repeated the steps - I got the same results. NOTES: 1. I logged Mary out each time I changed any permissions or system preference values. 2. If I applied the patch, and did a restart_all, for step 4 above, I get the login form and "Error: You do not have permission to access this page.". [1] Permission names and codes ------------------------------ - Access to all librarian functions (superlibrarian) - Staff access, allows viewing of catalogue in staff interface (catalogue) - Add, modify and view patron information (borrowers) - Set user permissions (permissions) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
