Bug 20100: Disallow access to superlibrarian privileges at client side
commitccf62d46d7143965086fae7770c2fb27031e1bb6
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Wed, 31 Jan 2018 15:47:23 +0000 (31 16:47 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 25 Apr 2018 13:23:53 +0000 (25 10:23 -0300)
tree4adc5b7d6dcbf87f839e87ec72226e61db2d0a91
parentf26b68a07f8ac8e5dd47a1e478e47507e424453a
Bug 20100: Disallow access to superlibrarian privileges at client side

This last patch activates the check at client side.
If the pref ProtectSuperlibPrivs is enabled, non-superlibs should not be
able to change superlibrarian privileges via the interface.

Test plan:
[1] Enable the pref.
[2] Login as superlib and add/remove superlib privs to a staff user.
[3] Login as another user (no superlib, but having borrowers, permissions
    and staff_access). Verify that you cannot add or remove superlib
    privs.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: JM Broust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/member-flags.tt