allow_edit_call_number : BUG when used

2008-07-11
2013-05-28
  • I _do_ realize this is nitpicking around a non-issue.
    I really stumbled upon this bug while doing something else (a patch to allow users to only edit their own records [as defined by the location string]... which I can publish soon if there's interest).

    Synopsis: The database field allow_edit_call_number should be renamed.

    Reason: This field is currently not pulled in from the database when user_permissions are read. If it ever is, it will collide with the allow_edit token. Since tokens for permissions are identified using regular expressions, I think this token will trigger allow_edit permissions for every user where it's true.

    Proposed fix: The easiest fix is to rename this flag while it's not used yet (e.g. allow_call_number_edit will prevent this behaviour)

    Cheers,
    Michael

     
    • Hi Michael,

      > The database field allow_edit_call_number should be renamed. 
      > Reason: This field is currently not pulled in from the database when user_permissions are read.

      It's correct that the 'allow_edit_call_number' permission setting isn't honoured yet.

      > If it ever is, it will collide with the allow_edit token.

      I see your point. Currently, the regex patterns that match the different permissions are not specific enough so that another permission may be incorrectly matched. This isn't a problem with the current set of permissions, but I agree with you that this may cause issues in the future.

      > Proposed fix: The easiest fix is to rename this flag while it's not used yet
      > (e.g. allow_call_number_edit will prevent this behaviour)

      Yes, that would be one possibility. However, I think I should better take the time and fix all relevant regex patterns in the code. I've noted this on my ToDo list and will hopefully be able to fix it soon.

      Thanks for the report!

      Matthias