2.0 edit volume not respecting cataloger user permissions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | Fix Released | High | Lebbeous Fogle-Weekley |
Bug Description
Evergreen version: 2.0.1, 2.0.5, and 2.0.6
OpenSRF version: 1.6.2, 1.6.3, and 2.0.0
PostgreSQL version: 8.4
Linux distribution: Ubuntu Lucid
Tested at various sites and with several versions of Evergreen 2.0. It appears that when going to edit a volume in holdings maintenance, a cataloger user (or staff account) can change volume labels for libraries that they don't have working permissions for. This is despite setting the "update_volume" permission so that it only applies to branch-only depth and the cataloger does not have working locations set.
Jenny from PALS reports that this was not the case when tested with their 1.6.1 server, so it appears that this is only affecting 2.0+ at this time.
Changed in evergreen:
status: In Progress → Fix Committed
Changed in evergreen:
milestone: none → 2.0.7
Changed in evergreen:
status: Fix Committed → Fix Released
Hey Ben,
I'm not all that certain if I'm using our new git repo in the prescribed way, but the simple patch below should fix the problem in a basic test I conducted. If you can confirm it, (ooh maybe even sign-off!) I'll get it into master, rel_2_0 and rel_2_1.
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=commit;h=ec45ea05739ec350ed688fcf8e28781e696819f4
Thanks