lp1777677 Security tweaks
authorKyle Huckins <khuckins@catalyte.io>
Mon, 14 Jan 2019 22:22:40 +0000 (22:22 +0000)
committerGalen Charlton <gmc@equinoxinitiative.org>
Fri, 11 Sep 2020 19:51:31 +0000 (15:51 -0400)
commit61e9cf88540fe9598b658a715c637578412b39f3
tree981d90180be7752dbf3de4705a32d3afbb9791f1
parent79aa12062839db8a0b2bd8b4cc24267e14538e59
lp1777677 Security tweaks

- Refactor test notification API to check if requestor
is user,and if not, then check if requestor has
permissions to view users at target user's home ou.
- Change event_def_type references to "hook"
- Separate out sendTestEmail and sendTestSMS functions
in frontend to prevent potential misuse of functionality.

Signed-off-by: Kyle Huckins <khuckins@catalyte.io>
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
Open-ILS/src/templates/opac/myopac/prefs.tt2
Open-ILS/src/templates/opac/myopac/prefs_notify.tt2
Open-ILS/src/templates/staff/circ/patron/t_edit.tt2
Open-ILS/web/js/ui/default/opac/test_notification.js
Open-ILS/web/js/ui/default/staff/circ/patron/regctl.js