http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12080
Jonathan Druart <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] | |m --- Comment #6 from Jonathan Druart <[email protected]> --- >From C4::Serials::can_edit_subscription: or C4::Auth::haspermission( $userid, {serials => 'superserials'}), or C4::Auth::haspermission( $userid, {serials => 'edit_subscription'}), If a user has edit_subscription he cans edit a subscription (without having superserials). But or $subscription->{branchcode} eq C4::Context->userenv->{'branch'} Means: if the user is on the same branch, he cans edit it too. So a user can edit a subscription without having the edit_subscription permission... hum... Who wrote this code?? (...) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
