[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Lucas Gass changed: What|Removed |Added Status|Failed QA |RESOLVED Resolution|--- |INVALID --- Comment #11 from Lucas Gass --- Since we need to move this logic from the system preference IndependentBranchesLoggedInLibrary into a permission, I am resolving this bug and will work on adding the permission in Bug 30624. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Katrin Fischer changed: What|Removed |Added Status|In Discussion |Failed QA --- Comment #10 from Katrin Fischer --- Freeing this one from 'In Discussion' and moving it to Failed QA for comment#7: We need these changes not only in templates, but also server side. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Martin Renvoize changed: What|Removed |Added Status|Signed Off |In Discussion -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Victor Grousset/tuxayo changed: What|Removed |Added Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 --- Comment #9 from Martin Renvoize --- So I dug through the history.. it was indeed a deliberate feature introduced in bug 6841.. though the bug is sparse of details.. the commit is a little clearer: https://git.koha-community.org/Koha-community/Koha/commit/c2015c710355a0ab81306515a70af29e6aef3504 Honestly, I'm not close enough IndependantBranches to really wrap my head around the objectives as a whole.. but it sounds like a reasonable change to me generally. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 --- Comment #8 from Katrin Fischer --- I think Joubu is right about that the change needs to be not only in the templates, but secured server side as well. I think we'd definitely need to push this together with 29887 to make sure we don't break someones use case by closing this loop-holes. Would it make sense to test both patches together? As this is now SO I have moved bug 29887 back into the QA queue. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 --- Comment #7 from Jonathan Druart --- (In reply to Martin Renvoize from comment #6) > Hmm, wasn't there actually a reason cataloguers needed to be able to change > library? I have a feeling this was a feature rather than a bug as I've > asked this question before.. ccing people to help dredge the hive mind. It's the purpose of bug 29887 if I understand correctly. This patch should provide a change at the controller level (and not only hide the link in the template). -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Martin Renvoize changed: What|Removed |Added CC||jonathan.druart+koha@gmail. ||com, ||katrin.fisc...@bsz-bw.de -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Martin Renvoize changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com --- Comment #6 from Martin Renvoize --- Hmm, wasn't there actually a reason cataloguers needed to be able to change library? I have a feeling this was a feature rather than a bug as I've asked this question before.. ccing people to help dredge the hive mind. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Andrew Fuerste-Henry changed: What|Removed |Added Attachment #133990|0 |1 is obsolete|| --- Comment #5 from Andrew Fuerste-Henry --- Created attachment 134002 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134002=edit Bug 30387: Only allow superlibrarians to set library with IndependentBranches enabled To test: 1. Turn on IndependentBranches. 2. Give a staff member editcatalogue permissions but not superlibrarian permissions. 3. Once logged in as that staff member click on the name in the top right corner, notice that the 'Set library' button is there. 4. Turn on the CircSidebar system preference and go to any page that includes the CircSidebar. ( returns.tt, circulation,tt ). Notcie the Set library button is visibile. 5. Go to '/cgi-bin/koha/circ/set-library.pl', notice you can set your library to something else. 6. Apply patch 7. Again with the staff member who has editcatalogue permissions but not superlibrarian permissions try steps 3-5. This time you should not see the 'Set library' links. On '/cgi-bin/koha/circ/set-library.pl' you should not be able to change your library. 8. With a superlibrarian try steps 3-5, you should see the 'Set library' links and on '/cgi-bin/koha/circ/set-library.pl' you should be able to set your library 9. Turn on 'UseCirculationDesks'. 10. When repeating 3-5 make sure you can see only the 'Set desk' links while logged in as the non-superlibrarian. On '/cgi-bin/koha/circ/set-library.pl' you should only be able to 'Set desk'. 11. Now with a staff member who has neither superlibrarian permissions OR editcatalogue permissions do steps 3-5. You should NOT see the 'Set library links' but you should see the 'Set desk' links. Signed-off-by: Andrew Fuerste-Henry Signed-off-by: Bob Bennhoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Andrew Fuerste-Henry changed: What|Removed |Added Attachment #132352|0 |1 is obsolete|| --- Comment #4 from Andrew Fuerste-Henry --- Created attachment 133990 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133990=edit Bug 30387: Only allow superlibrarians to set library with IndependentBranches enabled To test: 1. Turn on IndependentBranches. 2. Give a staff member editcatalogue permissions but not superlibrarian permissions. 3. Once logged in as that staff member click on the name in the top right corner, notice that the 'Set library' button is there. 4. Turn on the CircSidebar system preference and go to any page that includes the CircSidebar. ( returns.tt, circulation,tt ). Notcie the Set library button is visibile. 5. Go to '/cgi-bin/koha/circ/set-library.pl', notice you can set your library to something else. 6. Apply patch 7. Again with the staff member who has editcatalogue permissions but not superlibrarian permissions try steps 3-5. This time you should not see the 'Set library' links. On '/cgi-bin/koha/circ/set-library.pl' you should not be able to change your library. 8. With a superlibrarian try steps 3-5, you should see the 'Set library' links and on '/cgi-bin/koha/circ/set-library.pl' you should be able to set your library 9. Turn on 'UseCirculationDesks'. 10. When repeating 3-5 make sure you can see only the 'Set desk' links while logged in as the non-superlibrarian. On '/cgi-bin/koha/circ/set-library.pl' you should only be able to 'Set desk'. 11. Now with a staff member who has neither superlibrarian permissions OR editcatalogue permissions do steps 3-5. You should NOT see the 'Set library links' but you should see the 'Set desk' links. Signed-off-by: Andrew Fuerste-Henry -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Andrew Fuerste-Henry changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Andrew Fuerste-Henry changed: What|Removed |Added Status|Failed QA |Needs Signoff --- Comment #3 from Andrew Fuerste-Henry --- Nevermind, user error. Back to NSO. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Andrew Fuerste-Henry changed: What|Removed |Added CC||and...@bywatersolutions.com Status|Needs Signoff |Failed QA --- Comment #2 from Andrew Fuerste-Henry --- Test plan failed on step 10. As a non-superlibrarian, I get the Set Desks page, but no content in the Desks dropdown. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Lucas Gass changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |lu...@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when they should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Lucas Gass changed: What|Removed |Added Summary|IndependentBranches allows |IndependentBranches allows |users to change libraries |users to change libraries |when the should not be able |when they should not be |to |able to -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when the should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 --- Comment #1 from Lucas Gass --- Created attachment 132352 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=132352=edit Bug 30387: Only allow superlibrarians to set library with IndependentBranches enabled To test: 1. Turn on IndependentBranches. 2. Give a staff member editcatalogue permissions but not superlibrarian permissions. 3. Once logged in as that staff member click on the name in the top right corner, notice that the 'Set library' button is there. 4. Turn on the CircSidebar system preference and go to any page that includes the CircSidebar. ( returns.tt, circulation,tt ). Notcie the Set library button is visibile. 5. Go to '/cgi-bin/koha/circ/set-library.pl', notice you can set your library to something else. 6. Apply patch 7. Again with the staff member who has editcatalogue permissions but not superlibrarian permissions try steps 3-5. This time you should not see the 'Set library' links. On '/cgi-bin/koha/circ/set-library.pl' you should not be able to change your library. 8. With a superlibrarian try steps 3-5, you should see the 'Set library' links and on '/cgi-bin/koha/circ/set-library.pl' you should be able to set your library 9. Turn on 'UseCirculationDesks'. 10. When repeating 3-5 make sure you can see only the 'Set desk' links while logged in as the non-superlibrarian. On '/cgi-bin/koha/circ/set-library.pl' you should only be able to 'Set desk'. 11. Now with a staff member who has neither superlibrarian permissions OR editcatalogue permissions do steps 3-5. You should NOT see the 'Set library links' but you should see the 'Set desk' links. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when the should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Lucas Gass changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 30387] IndependentBranches allows users to change libraries when the should not be able to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30387 Lucas Gass changed: What|Removed |Added Blocks||29887 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29887 [Bug 29887] Create system preference IndependentBranchesLoggedInLibrary -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
