At the moment the pages falsely check for parameters_remaining_permissions,
but they should check the specific manage_accounts permission.
To test:
- Create a new staff user with only catalog and manage_acccounts
permissions
- Log in with this staff user and go to the admin page
- You will see the debit and credit type sections, but won't be
able to access them
- Apply the patch
- Veriy the links still show, but pages are now accessible
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
template_name => "admin/credit_types.tt",
query => $input,
type => "intranet",
- flagsrequired => { parameters => 'parameters_remaining_permissions' },
+ flagsrequired => { parameters => 'manage_accounts' },
debug => 1,
}
);
template_name => "admin/debit_types.tt",
query => $input,
type => "intranet",
- flagsrequired => { parameters => 'parameters_remaining_permissions' },
+ flagsrequired => { parameters => 'manage_accounts' },
debug => 1,
}
);