http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13910

Marc Véron <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #38469|0                           |1
        is obsolete|                            |

--- Comment #4 from Marc Véron <[email protected]> ---
Created attachment 38629
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=38629&action=edit
Bug 13910 - Prevent delete of one's own patron account

This patch adds a check to prevent deleting the user's own account.
Additionally, it fixes a "missing link" in moremember.pl and wrong comparisons
in moremember.tt regarding other forbidden deletions.

To test:
- Apply patch
- Create a user with sufficient privileges to delete users
- Log in as this new user
- Try to delete this user. Confirm message box "Are you sure..."
- Confirm that you get a message "Not allowed to delete own account" and that
the user still exists.

Bonus test:
Try to trigger other forbidden deletions (see members/deletemem.pl):
'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE'
(You can fake it by using a URL like:
/cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF 
etc.)
Without patch, no message appears. With patch, messages appear as appropriate.

---
Amended to restore accidentally removed line in moremember.tt, see comment #3
/mv
