[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Martin Renvoize changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com Status|Pushed to Master|Pushed to Stable Version(s)||19.05.00, 18.11.06 released in|| --- Comment #22 from Martin Renvoize --- Pushed to 18.11.x for 18.11.06 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Nick Clemens changed: What|Removed |Added Status|Passed QA |Pushed to Master --- Comment #21 from Nick Clemens --- Awesome work all! Pushed to master for 19.05 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Nick Clemens changed: What|Removed |Added Attachment #89879|1 |0 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Kyle M Hall changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Kyle M Hall changed: What|Removed |Added Attachment #89878|0 |1 is obsolete|| Attachment #89879|0 |1 is obsolete|| --- Comment #20 from Kyle M Hall --- Created attachment 90153 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90153&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer Signed-off-by: Liz Rea Signed-off-by: Kyle M Hall -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #19 from Liz Rea --- Created attachment 89879 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89879&action=edit Bug 22724: Check permissions in the script before displaying template Signed-off-by: Liz Rea -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Attachment #89826|0 |1 is obsolete|| Attachment #89827|0 |1 is obsolete|| --- Comment #18 from Liz Rea --- Created attachment 89878 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89878&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT Signed-off-by: Katrin Fischer Signed-off-by: Liz Rea -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #17 from Nick Clemens --- Note if we check in the script, we never display the writeoff template to the user, so we don't need the alerts, or the check to display the writeoff button on paycollect I renamed two variables for clarity as well The script could use some work overall, the logical flow is not as clear as it could be. Let me know if this works for you and makes sense Hayley -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Nick Clemens changed: What|Removed |Added Attachment #89602|0 |1 is obsolete|| Attachment #89603|0 |1 is obsolete|| Attachment #89604|0 |1 is obsolete|| --- Comment #15 from Nick Clemens --- Created attachment 89826 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89826&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Nick Clemens changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #16 from Nick Clemens --- Created attachment 89827 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89827&action=edit Bug 22724: Check permissions in the script before displaying template -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #14 from Nick Clemens --- (In reply to Hayley Mapley from comment #13) > The second patch that I added enforced removal of the submit button if the > staff user managed to find a way to get to paycollect.tt to confirm the > payment/writeoff (either through constructing a url or adding the button > somehow). If the user doesn't have the permissions, the button will not be > there. Is this button you talked about adding manually to the page? > > If this isn't your concern, I will look into the server side check you > mentioned > > Thanks for looking at it! Yup, that was the button I edited back in. I looked again today, we don't need haspermission, we just need to make sure the page requires the writeoff permission whenever it is a write off. Attaching a patch for testing -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #13 from Hayley Mapley --- (In reply to Nick Clemens from comment #11) > Hi Hayley, > > We need a server side check here for the permissions. With these patches I > can inspect the element, add the write-off button to submit, and write off > the charge > > This is probably true for payments as well. This will prevent 90% of the > cases, but we should probably strictly enforce. > > You can git grep for haspermission to see some examples The second patch that I added enforced removal of the submit button if the staff user managed to find a way to get to paycollect.tt to confirm the payment/writeoff (either through constructing a url or adding the button somehow). If the user doesn't have the permissions, the button will not be there. Is this button you talked about adding manually to the page? If this isn't your concern, I will look into the server side check you mentioned Thanks for looking at it! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #12 from Katrin Fischer --- Hm, I tried to reach the URL directly and got a login 'not enough permissions' - can you explain a bit more? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Nick Clemens changed: What|Removed |Added CC||n...@bywatersolutions.com QA Contact|testo...@bugs.koha-communit |katrin.fisc...@bsz-bw.de |y.org | Status|Passed QA |Failed QA --- Comment #11 from Nick Clemens --- Hi Hayley, We need a server side check here for the permissions. With these patches I can inspect the element, add the write-off button to submit, and write off the charge This is probably true for payments as well. This will prevent 90% of the cases, but we should probably strictly enforce. You can git grep for haspermission to see some examples -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Katrin Fischer changed: What|Removed |Added Status|Signed Off |Passed QA Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #10 from Katrin Fischer --- Created attachment 89604 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89604&action=edit Bug 22724: (QA follow-up) Fix permission when using the individual writeoff button Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Katrin Fischer changed: What|Removed |Added Attachment #89485|0 |1 is obsolete|| --- Comment #9 from Katrin Fischer --- Created attachment 89603 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89603&action=edit Bug 22724: (follow-up) Block writeoffs when user has wrong permissions This patch is a followup which displays an alert and removes the submit button when a user who does not have writeoff permissions manages to make it to the 'Make a payment' tab with a writeoff URL. Test plan: 1) Login as a staff user with writeoff permissions disabled, ensure you have sample users, then click the URL: http://localhost:8081/cgi-bin/koha/members/paycollect.pl?borrowernumber=21&type=writeoff&amt=4&selected=1¬es= => Note that you are able to write off the charge with no warning 2) Apply the patch 3) Repeat step 1 => Note that an alert displays and the button to confirm the writeoff has been removed 4) Repeat step 1, this time logging in as a staff user with writeoff permissions enabled => Note that the button displays and you can perform the writeoff Sponsored-by: Catalyst IT Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Katrin Fischer changed: What|Removed |Added Attachment #89475|0 |1 is obsolete|| --- Comment #8 from Katrin Fischer --- Created attachment 89602 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89602&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT Signed-off-by: Liz Rea Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #7 from Hayley Mapley --- (In reply to Liz Rea from comment #6) > This works, I'm going to leave it to people up the chain to say whether they > like this implementation, but thank you very much for the quick turnaround, > it will be great to get this fixed! > > Cheers, > Liz Thanks for signing off Liz! Definitely, I figured I would just get it out so that I can make any changes needed quicker. Cheers, Hayley -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #6 from Liz Rea --- This works, I'm going to leave it to people up the chain to say whether they like this implementation, but thank you very much for the quick turnaround, it will be great to get this fixed! Cheers, Liz -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Attachment #89482|0 |1 is obsolete|| --- Comment #5 from Liz Rea --- Created attachment 89485 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89485&action=edit Bug 22724: (follow-up) Block writeoffs when user has wrong permissions This patch is a followup which displays an alert and removes the submit button when a user who does not have writeoff permissions manages to make it to the 'Make a payment' tab with a writeoff URL. Test plan: 1) Login as a staff user with writeoff permissions disabled, ensure you have sample users, then click the URL: http://localhost:8081/cgi-bin/koha/members/paycollect.pl?borrowernumber=21&type=writeoff&amt=4&selected=1¬es= => Note that you are able to write off the charge with no warning 2) Apply the patch 3) Repeat step 1 => Note that an alert displays and the button to confirm the writeoff has been removed 4) Repeat step 1, this time logging in as a staff user with writeoff permissions enabled => Note that the button displays and you can perform the writeoff Sponsored-by: Catalyst IT Signed-off-by: Liz Rea -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Hayley Mapley changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #4 from Hayley Mapley --- Created attachment 89482 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89482&action=edit Bug 22724: (follow-up) Block writeoffs when user has wrong permissions This patch is a followup which displays an alert and removes the submit button when a user who does not have writeoff permissions manages to make it to the 'Make a payment' tab with a writeoff URL. Test plan: 1) Login as a staff user with writeoff permissions disabled, ensure you have sample users, then click the URL: http://localhost:8081/cgi-bin/koha/members/paycollect.pl?borrowernumber=21&type=writeoff&amt=4&selected=1¬es= => Note that you are able to write off the charge with no warning 2) Apply the patch 3) Repeat step 1 => Note that an alert displays and the button to confirm the writeoff has been removed 4) Repeat step 1, this time logging in as a staff user with writeoff permissions enabled => Note that the button displays and you can perform the writeoff Sponsored-by: Catalyst IT -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Status|Signed Off |Failed QA CC||wizzy...@gmail.com --- Comment #3 from Liz Rea --- Hi Hailey, Thanks for this patch, it does fix part of the problem, which is the button appearing when it shouldn't, but we can still do the actual write off by going to a URL constructed as follows: http://localhost:8081/cgi-bin/koha/members/paycollect.pl?borrowernumber=21&type=writeoff&amt=4&selected=1¬es= Your patch for the button is good, and can stay signed off. A follow up to fix this bad behaviour as well would be good as part of fixing this bug. Thanks, and good luck, Liz -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Liz Rea changed: What|Removed |Added Attachment #89457|0 |1 is obsolete|| --- Comment #2 from Liz Rea --- Created attachment 89475 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89475&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT Signed-off-by: Liz Rea -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Hayley Mapley changed: What|Removed |Added Status|ASSIGNED|Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 --- Comment #1 from Hayley Mapley --- Created attachment 89457 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=89457&action=edit Bug 22724: Allow only users with correct permissions to 'Write off selected' Due to the addition of a 'Write off selected' button in 18.11, users without writeoff permissions could mistakenly view and action the 'Write off selected' option for a patron in Accounting > Make a payment (Fines > Pay fines). The attached patch corrects this error. Test plan: 1) Make sure that a staff user has '(writeoff) Write off fines and fees' permission disabled 2) Bring up a patron with an unpaid fee, go to Accounting -> Make a payment 3) Note that 'Write off selected' button is displayed. 4) Select a fee, click 'Write off selected'. Note that staff member has access to 'Write off an amount toward selected fines' 5) Apply the patch 6) Repeat steps 1-2, and note that the button is no longer displayed 7) Bonus points, as a staff user with writeoff permissions enabled check that all four buttons (Pay amount, Pay selected, Write off all, Write off selected) are displayed Sponsored-by: Catalyst IT -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Hayley Mapley changed: What|Removed |Added CC||hayleymap...@catalyst.net.n ||z Assignee|koha-b...@lists.koha-commun |hayleymap...@catalyst.net.n |ity.org |z Status|NEW |ASSIGNED -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Chris Cormack changed: What|Removed |Added CC||ch...@bigballofwax.co.nz Version|18.11 |master -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Margaret changed: What|Removed |Added CC||margaret@bywatersolutions.c ||om -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 22724] Staff without writeoff permissions have access to 'Write off selected' button on Pay Fines tab
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22724 Barton Chittenden changed: What|Removed |Added CC||bar...@bywatersolutions.com Version|18.05 |18.11 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/