http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6390
Edgar Fuß <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Edgar Fuß <[email protected]> 2011-07-31 13:47:03 UTC --- As I need this functionality too, I just implemented the ``see mine/my branch/all'' suggestion. I added a new syspref, AcqViewBaskets, taking the values user/branch/all. The required MySQL statement to add this to the database is: INSERT INTO `systempreferences` (variable,value,options,explanation,type) VALUES ('AcqViewBaskets','user','user|branch|all','Define which baskets a user is allowed to view: his own only, any within his branch or all','Choice'); I don't feel comfortable enough with the automatic version tracking/database updating machinery to implement the changes need for that. For the change proper, see attached patch. However, that's all no real security as long as you can just pass ?basketno=nnn to all of the scripts handling baskets. You either have to change these or to randomise basket numbers. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
