web client allows add of item with only UPDATE_COPY permission
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen | Confirmed | Undecided | Unassigned | | |
Bug Description
web client 3.0.5
Using our definition of a circ1 account, I did the following:
1. Searched by ISBN in the Keyword search in the Catalog
2. Clicked on the item record
3. Selected Add Volumes
4. Typed in the call no. and barcode
5. Changed the Evergreen Audience (to allow me to save the volume/copy)
6. Clicked Save & Exit.
The window closed as per usual and the item was added to the record.
When reviewing the transaction in the osrfsys log file, the only permission checked was UPDATE_COPY.
bjackson@
2018-04-13 14:28:56 mig open-ils.cat: [INFO:13433:
tags: added: cataloging
tags: removed: webstaffclient
Changed in evergreen:
assignee: Andrea Neiman (aneiman) → nobody
Still an issue with 3.10 and 3.8