https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18898
Nick Clemens <n...@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #65320|0 |1 is obsolete| | --- Comment #6 from Nick Clemens <n...@bywatersolutions.com> --- Created attachment 65337 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=65337&action=edit Bug 18898 - Some permissions for Reports can be bypassed If you manually visit the following links when you only have permission to run reports, you'll still be able to access the ability to create and edit reports: /cgi-bin/koha/reports/guided_reports.pl?phase=Create%20report%20from%20SQL /cgi-bin/koha/reports/guided_reports.pl?phase=Edit%20SQL This patch ties these 2 unaccounted for phases to the create_reports permission. With patch, issue no longer can be reproduced. Signed-off-by: Marc VĂ©ron <ve...@veron.ch> Signed-off-by: Nick Clemens <n...@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/