[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-10-24 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Martin Renvoize  changed:

   What|Removed |Added

 Status|Pushed to Stable|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-07-18 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Martin Renvoize  changed:

   What|Removed |Added

 Status|Pushed to Master|Pushed to Stable
 CC||martin.renvoize@ptfs-europe.com



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-11 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Jonathan Druart  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to Master

--- Comment #7 from Jonathan Druart ---
Pushed to master for 18.05, thanks to everybody involved!



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Katrin Fischer  changed:

   What|Removed |Added

  Attachment #75220|0   |1
is obsolete||

--- Comment #6 from Katrin Fischer  ---
Created attachment 75242
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75242=edit
Bug 20707: Replace circ/search.pl circulate permission requirement with
catalogue

To test:
 1 - Set up a staff patron with permissions:
   - catalogue
   - reserveforothers
   - course_reserves
 2 - Log in to staff client as that patron
 3 - Find a record and click to place a hold
 4 - Type more than three letters into the search bar but don't submit
 5 - Note that you will not receive autocomplete results
 6 - Either submit, or try to visit any page in staff client
 7 - Your session has been expired, you must log in again
 8 - Log in, go to course reserves
 9 - As before, trigger the autocomplete search in the instructor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out

Signed-off-by: Owen Leonard 

Signed-off-by: Katrin Fischer 



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Katrin Fischer  changed:

   What|Removed |Added

 Status|Signed Off  |Passed QA



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Jonathan Druart  changed:

   What|Removed |Added

   Assignee|koha-b...@lists.koha-community.org |n...@bywatersolutions.com



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Owen Leonard  changed:

   What|Removed |Added

  Attachment #75078|0   |1
is obsolete||

--- Comment #5 from Owen Leonard  ---
Created attachment 75220
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75220=edit
Bug 20707: Replace circ/search.pl circulate permission requirement with
catalogue

To test:
 1 - Set up a staff patron with permissions:
   - catalogue
   - reserveforothers
   - course_reserves
 2 - Log in to staff client as that patron
 3 - Find a record and click to place a hold
 4 - Type more than three letters into the search bar but don't submit
 5 - Note that you will not receive autocomplete results
 6 - Either submit, or try to visit any page in staff client
 7 - Your session has been expired, you must log in again
 8 - Log in, go to course reserves
 9 - As before, trigger the autocomplete search in the instructor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out

Signed-off-by: Owen Leonard 



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Owen Leonard  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Jonathan Druart  changed:

   What|Removed |Added

   Severity|critical|normal

--- Comment #4 from Jonathan Druart ---
So it's not critical finally?



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Nick Clemens  changed:

   What|Removed |Added

 CC||jonathan.dru...@bugs.koha-community.org,
   ||katrin.fisc...@bsz-bw.de,
   ||k...@bywatersolutions.com



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

--- Comment #3 from Nick Clemens  ---
Note: Workaround is to disable CircAutoCompl



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

--- Comment #2 from Nick Clemens  ---
Created attachment 75078
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75078=edit
Bug 20707: Replace circ/search.pl circulate permission requirement with
catalogue

To test:
 1 - Set up a staff patron with permissions:
   - catalogue
   - reserveforothers
   - course_reserves
 2 - Log in to staff client as that patron
 3 - Find a record and click to place a hold
 4 - Type more than three letters into the search bar but don't submit
 5 - Note that you will not receive autocomplete results
 6 - Either submit, or try to visit any page in staff client
 7 - Your session has been expired, you must log in again
 8 - Log in, go to course reserves
 9 - As before, trigger the autocomplete search in the instructor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Nick Clemens  changed:

   What|Removed |Added

   Patch complexity|--- |Trivial patch
 Status|NEW |Needs Signoff



[Koha-bugs] [Bug 20707] Permissions for circ/ysearch.pl override specific page level permissions and delete sessions improperly

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20707

Nick Clemens  changed:

   What|Removed |Added

Summary
  Removed: Permissions issue in placing holds - users are logged out
  Added:   Permissions for circ/ysearch.pl override specific page level
           permissions and delete sessions improperly

--- Comment #1 from Nick Clemens  ---
With Kyle's help we tracked this down:

When placing a hold, if you trigger the autocomplete (i.e. ysearch.pl), you are
logged out as not having permissions.
circ/ysearch requires circulate => '*'
whereas
request.pl requires reserveforothers => 'place_holds'

This is also true for course reserves: searching for an instructor will log
the user out unless they have circulate permissions.

tags-review uses it as well.

I think the most straightforward route is to remove the circulate permission
check from ysearch and require simply catalogue.

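
The permission mismatch described in Comment #1 and exercised by the test plan, as an added example: a simplified Python model, not Koha's code and not the attached patch. The session store, the function names, the session id `sid-1`, the `destroy_on_deny` switch and the `catalogue => '*'` form of the patched requirement are assumptions made for illustration.

```python
# Simplified model of the behaviour described in this thread; not Koha code.
# Script names and required permissions are the ones quoted in Comment #1;
# the session store, function names and session id are hypothetical.
BEFORE = {
    "request.pl": {"reserveforothers": "place_holds"},
    "circ/ysearch.pl": {"circulate": "*"},
}
# After the patch the autocomplete helper only needs catalogue
# (modelled here as catalogue => '*', an assumption).
AFTER = {**BEFORE, "circ/ysearch.pl": {"catalogue": "*"}}

# Constructed patron from step 1 of the test plan.
PATRON = {"catalogue": "*", "reserveforothers": "*", "course_reserves": "*"}

def has_permission(granted, required):
    """granted maps module -> '*' or a set of subpermissions."""
    for module, sub in required.items():
        have = granted.get(module)
        if have is None:
            return False
        if sub != "*" and have != "*" and sub not in have:
            return False
    return True

def handle(sessions, sid, script, rules, destroy_on_deny=True):
    """Process one request; returns 'ok', 'denied' or 'expired'."""
    granted = sessions.get(sid)
    if granted is None:
        return "expired"
    if has_permission(granted, rules[script]):
        return "ok"
    if destroy_on_deny:
        del sessions[sid]  # side effect named in the bug title
    return "denied"

def place_hold_flow(rules, destroy_on_deny=True):
    """Test plan steps 3-6: hold page, autocomplete call, next page load."""
    sessions = {"sid-1": dict(PATRON)}
    steps = ("request.pl", "circ/ysearch.pl", "request.pl")
    return [handle(sessions, "sid-1", s, rules, destroy_on_deny) for s in steps]

def refused_helpers(rules, page, helpers, granted):
    """Helpers that refuse a user who is allowed to open `page`."""
    if not has_permission(granted, rules[page]):
        return []
    return [h for h in helpers if not has_permission(granted, rules[h])]

if __name__ == "__main__":
    print(place_hold_flow(BEFORE))
    print(place_hold_flow(AFTER))
    print(refused_helpers(BEFORE, "request.pl", ["circ/ysearch.pl"], PATRON))
```

Calling `place_hold_flow(BEFORE, destroy_on_deny=False)` models a helper that refuses the autocomplete request without ending the session, which is a design alternative and not what the patch in this thread does.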