https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23415

--- Comment #229 from Martin Renvoize (ashimema) 
<[email protected]> ---
Created attachment 193083
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=193083&action=edit
Bug 23415: (QA follow-up) Fix logic and security issues

This commit addresses several issues found in QA review:

1. Fixed logic bug in C4::Circulation::CanBookBeRenewed
   - Removed incorrect check of AllowFineOverrideRenewing preference
   - The function now always returns 'too_much_oweing' error when
     patron balance exceeds FineNoRenewals limit
   - AllowFineOverrideRenewing should only control UI override
     capability, not the core renewal check
2. Added permission check in circ/renew.pl
   - Override is now only allowed when both override_debt parameter
     is set AND AllowFineOverrideRenewing preference is enabled
   - Prevents security issue where staff could bypass the preference
     by crafting POST requests
3. Fixed template to conditionally display override button
   - Override button in renew.tt now only shows when
     AllowFineOverrideRenewing is enabled
   - Prevents confusion when override is not permitted
4. Added test coverage
   - Tests verify CanBookBeRenewed behavior with AllowFineOverrideRenewing
     both enabled and disabled
   - Confirms error is always returned regardless of preference setting
5. Fixed minor issues
   - Fixed typo: "he patron" -> "the patron" in checkouts.js
   - Fixed typo: OPACFineNoRenewalsIncludeCredit ->
     OPACFineNoRenewalsIncludeCredits in test

All tests should pass successfully.

Sponsored-by: OpenFifth <https://openfifth.co.uk/>
Signed-off-by: Andrew Fuerste Henry <[email protected]>
Signed-off-by: Martin Renvoize <[email protected]>

_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
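
The server-side gating described in items 1 and 2 of the commit message above, as an added Perl example that is not Koha's code and not part of the attachment. Only the preference names, the override_debt parameter and the too_much_oweing error come from the message; the function names, the preference hash and the sample values are assumptions.

```perl
#!/usr/bin/perl
# Added illustration; not Koha source. can_renew, handle_renew, %prefs and
# the sample amounts are hypothetical stand-ins.
use strict;
use warnings;

# Constructed system preferences (stand-in for a preference store).
my %prefs = ( FineNoRenewals => 5.00, AllowFineOverrideRenewing => 0 );

# Core check: reports the debt error whenever the balance exceeds the limit,
# without consulting AllowFineOverrideRenewing.
sub can_renew {
    my ($balance) = @_;
    return ( 0, 'too_much_oweing' ) if $balance > $prefs{FineNoRenewals};
    return ( 1, undef );
}

# Request handler: the override is honoured only when the request asks for it
# AND the preference is enabled on the server. The request parameter alone
# is never sufficient, because the client controls it.
sub handle_renew {
    my ( $params, $balance ) = @_;
    my ( $ok, $error ) = can_renew($balance);
    return 'renewed' if $ok;

    my $override_allowed =
      $params->{override_debt} && $prefs{AllowFineOverrideRenewing};
    return 'renewed (debt overridden)'
      if $error eq 'too_much_oweing' && $override_allowed;
    return "refused: $error";
}

# Constructed requests: a balance of 12.50 exceeds the limit of 5.00.
my @cases = (
    [ 'pref off, override_debt=1 in POST', 0, { override_debt => 1 } ],
    [ 'pref on,  override_debt=1',         1, { override_debt => 1 } ],
    [ 'pref on,  no override requested',   1, {} ],
);
for my $case (@cases) {
    my ( $label, $pref, $params ) = @$case;
    $prefs{AllowFineOverrideRenewing} = $pref;
    printf "%-36s => %s\n", $label, handle_renew( $params, 12.50 );
}
```

Hiding the override button in the template (item 3) only affects what the UI offers; the refusal in the first case comes from the handler, which is what holds when a request is sent without the form.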
