http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13910
Katrin Fischer <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #38651|0 |1 is obsolete| | Attachment #38652|0 |1 is obsolete| | --- Comment #11 from Katrin Fischer <[email protected]> --- Created attachment 38678 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=38678&action=edit [PASSED QA] Bug 13910 - Prevent delete of one's own patron account This patch adds a check to prevent deleting the user's own account. Additionali it fixes a "missing link" in moremember.pl and wrong comparisions in moremember.tt regarding other forbidden deleting. To test: - Apply patch - Create a user with sufficient privileges to delete users - Log in as this new user - Try to delete this user. Confirm message box "Are you sure..." - Confirm that you get a message "Not allowed to delete own account" and that the user still exists. Bonus test: Try to trigger other forbidden deletions (see members/deletemem.pl): 'CANT_DELETE_STAFF', 'CANT_DELETE_OTHERLIBRARY', 'CANT_DELETE' (You can fake it by using an URL like: /cgi-bin/koha/members/moremember.pl?borrowernumber=115&error=CANT_DELETE_STAFF etc.) Without patch, no message appears. With patch, messages appear as appropriate. Signed-off-by: Mark Tompsett <[email protected]> NOTE: Attempted all CANT combinations. From reading the code, this is kind of an important patch, because I'm not sure deleting error messages work at all right now based on what I read. Signed-off-by: Jonathan Druart <[email protected]> Signed-off-by: Katrin Fischer <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
