Bug 20083: (follow-up) use same logic in opac-showmarc

It was correctly pointed out that opac-showmarc would leak
the same way as catalogue/showmarc.pl, and so this patch
moves the authentication step up to the top where it
should be so as to prevent inappropriate data leaks.

TEST PLAN
---------
1) Set your OpacPublic system preference to Disabled
2) Open your OPAC and login
3) Find a biblio with items
4) Go to the opac details, particularly MARC view.
5) Copy the "view plain" shortcut link.
6) log out.
7) Paste the link into the address bar.
   -- the information will leak!
8) apply the patch
9) restart_all
10) Refresh the OPAC link
    -- log in screen will appear.
11) run koha qa test tools

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

opac/opac-showmarc.pl

@@ -34,6 +34,13 @@ use C4::Templates;
 use Koha::RecordProcessor;
 
 my $input       = new CGI;
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
+    template_name   => "opac-showmarc.tt",
+    query           => $input,
+    type            => "opac",
+    authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
+    debug           => 1,
+});
 my $biblionumber = $input->param('id');
 $biblionumber   = int($biblionumber);
 my $importid= $input->param('importid');
@@ -71,13 +78,6 @@ if ($view eq 'card' || $view eq 'html') {
     output_html_with_http_headers $input, undef, Encode::encode_utf8(C4::XSLT::engine->transform($xml, $xsl));
 }
 else { #view eq marc
-    my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
-        template_name   => "opac-showmarc.tt",
-        query           => $input,
-        type            => "opac",
-        authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
-        debug           => 1,
-    });
     $template->param( MARC_FORMATTED => $record->as_formatted );
     output_html_with_http_headers $input, $cookie, $template->output;
 }