Staff users can have permission at a more restrictive depth than assigned via a permission group
Bug #1480432 reported by
Michele Morgan
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
Medium
|
Unassigned |
Bug Description
With a hierarchical permission group structure, and assigned permission similar to the following:
Staff
|_Basic Circulation - SET_CIRC_
|_Circulation Supervisor - SET_CIRC_
A staff user in the Circulation Supervisor permission group can actually be authorized at the more restrictive depth of the parent permission group.
The database function permission.
Changed in evergreen: | |
assignee: | nobody → Michele Morgan (mmorgan) |
tags: | added: pullrequest |
tags: | added: needstest |
Changed in evergreen: | |
milestone: | none → 2.12.4 |
milestone: | 2.12.4 → 3.0-alpha |
Changed in evergreen: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
A working branch to change the sort of retrieved permissions in the function permission. usr_perms( ) is at:
http:// git.evergreen- ils.org/ ?p=working/ Evergreen. git;a=shortlog; h=refs/ heads/user/ mmorgan/ LP_1480432_ staff_user_ permission_ depth_fix