Security fix for Launchpad Bug 1003052.
authorJason Stephenson <jstephenson@mvlc.org>
Mon, 11 Jun 2012 20:12:54 +0000 (16:12 -0400)
committerLebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Wed, 13 Jun 2012 15:00:36 +0000 (11:00 -0400)
commite524c68ffba4cc7fb342b280409c810cec4b259f
tree186b3c082d73a15ecea2238629b102d8619c41f5
parent664516c733997dfa1954a7ce6cb80a4a153cb07c
Security fix for Launchpad Bug 1003052.

Bug reported by James Fournie:

Revoking the UPDATE_MARC permission doesn't actually seem to prevent a
user from editing a record. Our use case is that we would like a user
to create new records but not edit existing MARC records.

Changing CREATE_MARC to UPDATE_MARC in OpenILS::Application::Cat's
biblio_record_replace_marc() method seems to fix the problem.

Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Lebbeous Fogle-Weekley <lebbeous@esilibrary.com>
Open-ILS/src/perlmods/lib/OpenILS/Application/Cat.pm