Bug 11866: (follow-up) repair security issue introduced by main patch

The main patch allows /any/ user with an account on the Koha system
to view the staff-side course-reserves home page -- including ordinary
patrons.  This patch repairs the oversight.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

course_reserves/course-reserves.pl

@@ -35,6 +35,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $cgi,
         type            => "intranet",
         authnotrequired => 0,
+        flagsrequired   => { catalogue => 1 },
     }
 );