https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898
Nick Clemens <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #65320|0 |1 is obsolete| | --- Comment #6 from Nick Clemens <[email protected]> --- Created attachment 65337 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65337&action=edit Bug 18898 - Some permissions for Reports can be bypassed If you manually visit the following links when you only have permission to run reports, you'll still be able to access the ability to create and edit reports: /cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL /cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL This patch ties these 2 unaccounted for phases to the create_reports permission. With patch, issue no longer can be reproduced. Signed-off-by: Marc VĂ©ron <[email protected]> Signed-off-by: Nick Clemens <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
