Bug 10799: Limit the SCO user to the SCO module

The SCO user should only be allowed to access to the SCO module. This patch make the session ends if the user tries to access another page after the SCO module. Test plan: 0/ Configure the SCO module correctly 1/ Go on the sco main page (sco/sco-main.pl) 2/ Try to go somewhere else: you should not be logged in Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-09-02 17:13:41 +01:00 · 2015-09-02 17:13:41 +01:00 · 02feeca14f
commit 02feeca14f
parent 9c203a0040
1 changed files with 23 additions and 0 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -178,6 +178,29 @@ sub get_template_and_user {
        );
    }

+
+    # If the user logged in is the SCO user and he tries to go out the SCO module, log the user out removing the CGISESSID cookie
+    if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sco/| ) {
+        if (  C4::Context->preference('AutoSelfCheckID') && $user eq C4::Context->preference('AutoSelfCheckID') ) {
+            $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} );
+            my $cookie = $in->{query}->cookie(
+                -name     => 'CGISESSID',
+                -value    => '',
+                -expires  => '',
+                -HttpOnly => 1,
+            );
+
+            $template->param( loginprompt => 1 );
+            print $in->{query}->header(
+                -type    => 'text/html',
+                -charset => 'utf-8',
+                -cookie  => $cookie,
+              ),
+            $template->output;
+            safe_exit;
+        }
+    }
+
    my $borrowernumber;
    if ($user) {
        require C4::Members;