Bug 26721: Fix permission check on debit and credit type admin pages
author Katrin Fischer <katrin.fischer.83@web.de>
Sun, 18 Oct 2020 15:14:48 +0000 (15:14 +0000)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 3 Nov 2020 09:57:35 +0000 (10:57 +0100)
At the moment the pages falsely check for parameters_remaining_permissions,
but they should check the specific manage_accounts permission.

To test:
- Create a new staff user with only catalog and manage_accounts
  permissions
- Log in with this staff user and go to the admin page
- You will see the debit and credit type sections, but won't be
  able to access them
- Apply the patch
- Verify the links still show, but pages are now accessible

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
admin/credit_types.pl
admin/debit_types.pl

index 848a00b..48ec9b4 100755 (executable)
@@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         template_name   => "admin/credit_types.tt",
         query           => $input,
         type            => "intranet",
-        flagsrequired   => { parameters => 'parameters_remaining_permissions' },
+        flagsrequired   => { parameters => 'manage_accounts' },
         debug           => 1,
     }
 );
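Review bot: The new flagsrequired value in admin/credit_types.pl replaces the old subpermission instead of accepting either one, so a staff account holding parameters_remaining_permissions without manage_accounts could open this page before the patch and will be refused after it. If that tightening is intended, state it in the commit message or release notes so administrators know to grant manage_accounts, and extend the test plan with a step confirming that a user with only parameters_remaining_permissions is now denied; the current plan only exercises the user who gains access.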
index 5f7081d..7d0f6e8 100755 (executable)
@@ -38,7 +38,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         template_name   => "admin/debit_types.tt",
         query           => $input,
         type            => "intranet",
-        flagsrequired   => { parameters => 'parameters_remaining_permissions' },
+        flagsrequired   => { parameters => 'manage_accounts' },
         debug           => 1,
     }
 );
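Review bot: No regression test accompanies the flagsrequired change in admin/debit_types.pl, and the test plan shows the root cause was drift between the check that displays the links on the admin page and the check each script enforces. The literal 'manage_accounts' is now repeated in both scripts, so the same drift can recur the next time one side is edited. Consider adding an automated check that a user with only catalog and manage_accounts can load both pages, so the link condition and the script-side permission are verified together rather than by manual testing.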