If a librarian has edit_subscription but not create_subscription :
When trying to edit a subscription, after saving permission is denied.
This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving.
Test plan :
- Create a user with staff access
- Define its permissions on serials : only edit_subscription
- Edit a subscription
- Click 'Next'
- Click 'Test prediction pattern'
- Click 'Save subscription'
=> Without patch you get to page serials/subscription-add.pl with permission denied
=> With patch subscription is saved and you get to subscription details page
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit
12bd6358cfe6c9348cb111d22f04097f7911babf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
fe386c172496159198b34383c3080185de7ae0af)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
# Permission needed if it is a modification : edit_subscription
# Permission needed otherwise (nothing or dup) : create_subscription
-my $permission = ($op eq "modify") ? "edit_subscription" : "create_subscription";
+my $permission =
+ ( $op eq 'modify' || $op eq 'modsubscription' ) ? "edit_subscription" : "create_subscription";
my ($template, $loggedinuser, $cookie)
= get_template_and_user({template_name => "serials/subscription-add.tt",