projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 637e5c6) | patch
follow-up to reports permissions patch
authorGalen Charlton <gmcharlt@gmail.com>
Wed, 10 Nov 2010 03:00:50 +0000 (22:00 -0500)
committerChris Cormack <chrisc@catalyst.net.nz>
Wed, 10 Nov 2010 06:39:50 +0000 (19:39 +1300)
commit89cda847a1852a0b42b79f245af57ec4ae429bd3
tree413611808a737cff28d8c07f8d45d5a4a721b4ebtree | snapshot
parent637e5c6713d781706d660d66a17b05e8afc35a2ecommit | diff
follow-up to reports permissions patch

* Enforce the requirement that the user must have the
  create_reports permission in order to delete a saved report;
  closes hole where unprivileged user could delete reports
  by constructing a URL maliciously
* Added another tweak of the template - don't offer option
  to create a new report if the user doesn't have permission.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl diff | blob | history
reports/guided_reports.pl diff | blob | history
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git