http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7290
Katrin Fischer <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #57 from Katrin Fischer <[email protected]> --- Hm, some thoughts on permission management in acq for the parcel list: - I have removed all _all permissions from my staff patron - I have set AcqViewBaskets to 'created or managed by staff member' I can't access a basket now, that belongs to another library and was also created by another staff user than me. But: On the parcel page, I can still see all the information about the orders. I can't receive them (good!), but I can still delete and transfer the orders (not good!) Thinking about big libraries and the need to hide information from others, I feel like there should be a combination of permissions here, that results in me not seeing the order lines of other libraries at all. I'd expect the combination above should do it, but it doesn't. When I also remove the 'order_manage' permission, I get a permission error on clicking 'transfer' and 'delete' - but the links shouldn't be showing in the first place. I think the current situation is not very good here :( The feature itself seems to be working ok, only found a small bug so far: Manipulating the URL to gain access to an order I cannot receive it displays a nice error message, but there is a small error in the heading on the page: Receive items from : Books Books Books [HASH(0x530f938)] (order #138) Waiting for the follow-ups and giving the permission problem some more thought. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
