Hi,
I'm testing out this module and would like to configure it so that only certain roles (in my case staff) can reserve kit for other users (students). I gather that the Merci Staff submodule should do this, so I've enabled it. Now when I create a reservation, I get the 'Reserve for:' field at the top as expected, which allows me to enter other usernames. But as soon as I move on to the next field, the 'Reserve for:' field immediately reverts back to the current user's name. It feels like a permissions issue - but I get the same problem logged in as admin too.
Any ideas?

Comments

Pongolyn’s picture

Pongolyn CreditAttribution: Pongolyn commented
Version: 6.x-2.0-beta11 » 6.x-2.0

I'm having the same issue. It appears from my testing that any user checking out reservations on behalf of another user must have the "administer nodes" permission, regardless of whether "override validation" is checked. This seems like overkill and a significant security risk in granting lower-tier users (checkout techs) god-like powers over the entire website. Is this intended behavior?