https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23415
--- Comment #229 from Martin Renvoize (ashimema) <[email protected]> ---
Created attachment 193083
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=193083&action=edit
Bug 23415: (QA follow-up) Fix logic and security issues

This commit addresses several issues found in QA review:

1. Fixed logic bug in C4::Circulation::CanBookBeRenewed
   - Removed incorrect check of AllowFineOverrideRenewing preference
   - The function now always returns 'too_much_oweing' error when
     patron balance exceeds FineNoRenewals limit
   - AllowFineOverrideRenewing should only control UI override
     capability, not the core renewal check

2. Added permission check in circ/renew.pl
   - Override is now only allowed when both override_debt parameter
     is set AND AllowFineOverrideRenewing preference is enabled
   - Prevents security issue where staff could bypass the preference
     by crafting POST requests

3. Fixed template to conditionally display override button
   - Override button in renew.tt now only shows when
     AllowFineOverrideRenewing is enabled
   - Prevents confusion when override is not permitted

4. Added test coverage
   - Tests verify CanBookBeRenewed behavior with
     AllowFineOverrideRenewing both enabled and disabled
   - Confirms error is always returned regardless of preference
     setting

5. Fixed minor issues
   - Fixed typo: "he patron" -> "the patron" in checkouts.js
   - Fixed typo: OPACFineNoRenewalsIncludeCredit ->
     OPACFineNoRenewalsIncludeCredits in test

All tests should pass successfully.

Sponsored-by: OpenFifth <https://openfifth.co.uk/>
Signed-off-by: Andrew Fuerste Henry <[email protected]>
Signed-off-by: Martin Renvoize <[email protected]>
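The split described in items 1 to 3 of the commit message, as an added Perl sketch that is not Koha's code and not part of the attachment: the core check always reports the debt error, the request handler honours an override only when the preference allows it, and the button merely mirrors that rule. The `%prefs` hash, the function names `can_renew`, `handle_renew` and `show_override_button`, and the sample balances are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed stand-in for system preferences (sample values). In Koha these
# would be read with C4::Context->preference(...).
my %prefs = ( AllowFineOverrideRenewing => 0, FineNoRenewals => 5 );

# Core check (item 1): reports the debt error whenever the balance exceeds
# the limit, without consulting the override preference.
sub can_renew {
    my ($balance) = @_;
    return $balance > $prefs{FineNoRenewals}
        ? ( 0, 'too_much_oweing' )
        : ( 1, undef );
}

# Hypothetical request handler (item 2): the override is honoured only when
# the request asks for it AND the preference permits it, so a hand-built
# POST carrying override_debt=1 gains nothing while the preference is off.
sub handle_renew {
    my (%req) = @_;
    my ( $ok, $error ) = can_renew( $req{balance} );
    return 'renewed' if $ok;
    my $override_allowed =
        $req{override_debt} && $prefs{AllowFineOverrideRenewing};
    return 'renewed_with_override'
        if $error eq 'too_much_oweing' && $override_allowed;
    return "refused:$error";
}

# Template side (item 3): hiding the button is presentation only; the
# enforcement lives in handle_renew.
sub show_override_button { return $prefs{AllowFineOverrideRenewing} ? 1 : 0 }

# Constructed requests, run with the preference disabled and then enabled.
for my $pref ( 0, 1 ) {
    $prefs{AllowFineOverrideRenewing} = $pref;
    for my $req (
        { balance => 2,  override_debt => 0 },
        { balance => 10, override_debt => 0 },
        { balance => 10, override_debt => 1 },    # crafted POST when pref is 0
    ) {
        printf "pref=%d balance=%d override_debt=%d button=%d -> %s\n",
            $pref, $req->{balance}, $req->{override_debt},
            show_override_button(), handle_renew(%$req);
    }
}
```

With the preference disabled, the third request is refused with `too_much_oweing` even though it carries `override_debt=1`; with it enabled, the same request is renewed with the override.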
