https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39848

            Bug ID: 39848
           Summary: Unauthorized users can delete the record if no items
                    remain from the batch item deletion tool
 Change sponsored?: ---
           Product: Koha
           Version: 24.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Cataloging
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]

Users without the edit_catalogue permission can delete the record if no items
remain from the batch item deletion tool. 

To test, 
1. Create a user with the following permissions: edit_any_item, edit_items,
items_batchdel, items_batchmod. 
2. When logged in as that user, use the batch item deletion tool to delete a
few items. 
3. Select “Delete records if no items remain” and “Delete selected items.”
When the job has processed, notice that X item(s) deleted. X record(s) deleted. 

The record deletion shouldn’t be possible without the edit_catalogue
permission.
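
The check the report asks for, sketched as an added Perl example that is not Koha code and not part of the original report. The function name, data layout and `$enforce` switch are hypothetical; the permission names are the ones listed in the report.

```perl
#!/usr/bin/perl
# Added illustration: a self-contained model, not Koha source code.
use strict;
use warnings;

# Constructed sample data: the permission set from step 1 of the report.
my %perms = map { $_ => 1 } qw(edit_any_item edit_items items_batchdel items_batchmod);

# Constructed catalogue: record id => list of item ids.
sub sample_records { return { 101 => [ 1, 2 ], 102 => [3] } }

# Hypothetical batch job. $enforce = 0 models the reported behaviour,
# $enforce = 1 adds the per-action check the report asks for.
sub batch_delete_items {
    my ( $perms, $records, $item_ids, $delete_empty_records, $enforce ) = @_;
    die "items_batchdel required\n" unless $perms->{items_batchdel};

    my %wanted = map { $_ => 1 } @$item_ids;
    my %report = ( items_deleted => 0, records_deleted => 0, records_skipped => 0 );

    for my $record_id ( sort keys %$records ) {
        my @kept    = grep { !$wanted{$_} } @{ $records->{$record_id} };
        my $removed = @{ $records->{$record_id} } - @kept;
        next unless $removed;
        $report{items_deleted} += $removed;
        $records->{$record_id} = \@kept;
        next if @kept or !$delete_empty_records;

        # Deleting the record is a different action from deleting items,
        # so it is authorised separately, at the point where it happens.
        if ( $enforce and !$perms->{edit_catalogue} ) {
            $report{records_skipped}++;
            next;
        }
        delete $records->{$record_id};
        $report{records_deleted}++;
    }
    return \%report;
}

# Run the same batch with and without the record-level check.
for my $enforce ( 0, 1 ) {
    my $r = batch_delete_items( \%perms, sample_records(), [ 1, 2, 3 ], 1, $enforce );
    printf "enforce=%d: %d item(s) deleted. %d record(s) deleted. %d record(s) skipped.\n",
        $enforce, @$r{qw(items_deleted records_deleted records_skipped)};
}
```

With the check in place the items are still removed, but the emptied records are kept and counted as skipped, so the job summary can tell the user why.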
