projects / srvgit / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f26b68a)
Bug 20100: Disallow access to superlibrarian privileges at client side
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Wed, 31 Jan 2018 15:47:23 +0000 (16:47 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 25 Apr 2018 13:23:53 +0000 (10:23 -0300)
This last patch activates the check at client side.
If the pref ProtectSuperlibPrivs is enabled, non-superlibs should not be
able to change superlibrarian privileges via the interface.

Test plan:
[1] Enable the pref.
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you cannot add or remove superlib
    privs.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt patch | blob | history

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt
index d380187..f5631f2 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt
@@ -122,6 +122,12 @@
                 }
             });
 
+            [% IF disable_superlibrarian_privs %]
+                $("input#flag-0").attr("disabled", true);
+                $("form").submit(function(e) {
+                    $("input#flag-0").removeAttr("disabled");
+                });
+            [% END %]
         });
 
         // manage checking/unchecking parent permissions
KOHA@FFZG based on git://git.koha.org/pub/scm/koha.git