https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32971
Bug ID: 32971
Summary: Access to ERM module requires 'erm' permission and
'vendors_manage' acquisition sub-permission
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: In Discussion
Severity: enhancement
Priority: P5 - low
Component: ERM
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected],
[email protected],
[email protected],
[email protected], [email protected]
Depends on: 32968
To reproduce:
- Enable ERMModule
- Login as a staff member that only has 2 permissions:
-- catalogue (required for staff login)
-- erm
- Access erm page, check the 403 forbidden error
This happens because ERM module is requesting the /api/v1/acquisitions/vendors
api endpoint which in turn requires the vendors_manage sub-permission (see
acquisitions_vendors.yaml).
If you enable the acquisition vendors_manage sub-permission for that user,
you're able to confirm that you can now access the ERM module as expected.
Ideally, having just the 'erm' permission should be enough to be granted access
to ERM.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32968
[Bug 32968] Create granular permissions for ERM
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
