Evergreen

Permission checkpoint is needed for editing due dates of non-owned items

Bug #1378025 reported by Michele Morgan on 2014-10-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Evergreen	Triaged	Wishlist	Unassigned

Bug Description

Evergreen needs a permission check to prevent staff users from editing due dates of items that are not owned by the checkout library.

The current permission that controls editing due dates, CIRC_OVERRIDE_DUE_DATE, allows a staff user with that permission to edit the due date on any item.

For systems with circulation policies based on the owning library of the copy, a permission checkpoint that respects ownership is necessary prevent staff users from overriding the owning library's circulation policy.

This should probably be a separate permission check from CIRC_OVERRIDE_DUE_DATE.

Permissions that control editing due dates should allow the following flexibility in configuring permitted staff user functions:

- A staff user is not permitted to edit any due dates.

- A staff user is permitted to edit due dates only for items owned by the checkout library.

- A staff user is permitted to edit due dates for any item.

Tags:

Kathy Lussier (klussier) on 2014-12-12

Changed in evergreen:
status:	New → Triaged
importance:	Undecided → Wishlist

Tiffany Little (tslittle) on 2021-10-15

tags:

added: circulation permissions
removed: wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.