[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Martin Renvoize changed: What|Removed |Added Status|Pushed to Stable|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Martin Renvoize changed: What|Removed |Added Status|Pushed to Master|Pushed to Stable CC||martin.renvoize@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Jonathan Druartchanged: What|Removed |Added Status|Passed QA |Pushed to Master --- Comment #7 from Jonathan Druart --- Pushed to master for 18.05, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Katrin Fischerchanged: What|Removed |Added Attachment #75220|0 |1 is obsolete|| --- Comment #6 from Katrin Fischer --- Created attachment 75242 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75242=edit Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue To test: 1 - Setup a staff patron with permissions: - catalogue - reserveforothers - course_reserves 2 - Log in to staff client as that patron 3 - Find a record and click to place a hold 4 - Type more than three letters into the search bar but don't submit 5 - Note that you will not receive autocomplete results 6 - Either submit, or try to visit any page in staff client 7 - Your session has been expired, you must log in again 8 - Log in, go to course reserves 9 - As before, trigger the autocomplete search in the instrcutor field 10 - Again your session has been terminated 11 - Apply patch 12 - Repeat above actions, this time you will not be kicked out Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Katrin Fischerchanged: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Jonathan Druartchanged: What|Removed |Added Assignee|koha-b...@lists.koha-commun |n...@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Owen Leonardchanged: What|Removed |Added Attachment #75078|0 |1 is obsolete|| --- Comment #5 from Owen Leonard --- Created attachment 75220 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75220=edit Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue To test: 1 - Setup a staff patron with permissions: - catalogue - reserveforothers - course_reserves 2 - Log in to staff client as that patron 3 - Find a record and click to place a hold 4 - Type more than three letters into the search bar but don't submit 5 - Note that you will not receive autocomplete results 6 - Either submit, or try to visit any page in staff client 7 - Your session has been expired, you must log in again 8 - Log in, go to course reserves 9 - As before, trigger the autocomplete search in the instrcutor field 10 - Again your session has been terminated 11 - Apply patch 12 - Repeat above actions, this time you will not be kicked out Signed-off-by: Owen Leonard -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Owen Leonardchanged: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Jonathan Druartchanged: What|Removed |Added Severity|critical|normal --- Comment #4 from Jonathan Druart --- So it's not critical finally? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Nick Clemenschanged: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org, ||katrin.fisc...@bsz-bw.de, ||k...@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 --- Comment #3 from Nick Clemens--- Note: Workaround is to disable CircAutoCompl -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 --- Comment #2 from Nick Clemens--- Created attachment 75078 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75078=edit Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue To test: 1 - Setup a staff patron with permissions: catalogue reserveforothers course_reserves 2 - Log in to staff client as that patron 3 - Find a record and click to place a hold 4 - Type more than three letters into the search bar but don't submit 5 - Note that you will not receive autocomplete results 6 - Either submit, or try to visit any page in staff client 7 - Your session has been expired, you must log in again 8 - Log in, go to course reserves 9 - As before, trigger the autocomplete search in the instrcutor field 10 - Again your session has been terminated 11 - Apply patch 12 - Repeat above actions, this time you will not be kicked out -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Nick Clemenschanged: What|Removed |Added Patch complexity|--- |Trivial patch Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707 Nick Clemenschanged: What|Removed |Added Summary|Permissions issue in|Permissions for |placing holds - users are |circ/ysearch.pl override |logged out |specific page level ||permissions and delete ||sessions improperly --- Comment #1 from Nick Clemens --- With Kyle's help we tracked this down: when placing a hold if you trigger the autocomplete i.e. ysearch.pl you are logged out as not having permissions circ/ysearch requires circulate => '*' whereas request.pl requires reserveforothers => 'place_holds' this is also true for course reserves - searching for an instructor will log the user out unless they have circulate permissions. tags-review uses it as well I think the most straightforward route is to remove the circulate permission check from ysearch and require simply catalogue. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/