Koha/opac
Magnus Enger 1ad43fd47f
Bug 33702: Patrons should only see their own ILLs in the OPAC
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
  https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
  clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
  in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
  connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
  in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
  will look like something like this:
  http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
  connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
  patron than the patron you are logged in as

To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
  you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
  of the request that belongs to the patron you are not logged in as

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-29 09:21:46 -03:00
..
clubs Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
external/overdrive Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
sci Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
sco Bug 31735: Avoid re-fetcing objects from database by passing them directly instead of ids to various subroutines 2023-05-12 12:40:21 -03:00
svc Bug 30426: Add missing C4::Auth and C4::Output imports 2022-04-13 15:55:38 +02:00
ilsdi.pl Bug 30944: Undo change to ILS-DI documentation 2022-10-03 13:44:11 -03:00
maintenance.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
oai.pl
opac-account-pay-return.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-account-pay.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-account.pl Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
opac-addbybiblionumber.pl Bug 30418: Add ability for permitted staff to edit list contents 2023-05-15 18:23:57 -03:00
opac-alert-subscribe.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-article-request-cancel.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-authorities-home.pl Bug 30036: Allow XSLT for authority results view in OPAC 2022-10-27 09:54:35 -03:00
opac-authoritiesdetail.pl Bug 21330: Allow XSLT for authority detail view in OPAC 2023-05-15 18:24:03 -03:00
opac-basket.pl Bug 33102: Display fields from biblioitems in OPAC/staff interface cart 2023-05-05 17:45:19 -03:00
opac-blocked.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-browse.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-browser.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-changelanguage.pl Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
opac-course-details.pl Bug 32445: (follow-up) Fix availability display on opac-course-details 2023-01-05 09:09:48 -03:00
opac-course-reserves.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-curbside-pickups.pl Bug 30650: Prevent pickup to be created on holiday 2022-07-29 15:00:51 -03:00
opac-detail.pl Bug 33037: Koha does not display difference between enumchron and serialseq in record detail view (OPAC and intranet) 2023-05-09 11:46:57 -03:00
opac-discharge.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-dismiss-message.pl Bug 12029: Remove 'params' from filter_by_unread 2023-04-20 15:48:47 -03:00
opac-downloadcart.pl Bug 29697: Use flag embed_items 2022-07-22 15:24:11 -03:00
opac-downloadshelf.pl Bug 33069: Fix error in MARC download for OPAC lists 2023-05-09 10:57:55 -03:00
opac-export.pl Bug 29697: Use flag embed_items 2022-07-22 15:24:11 -03:00
opac-holdshistory.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-ics.pl Bug 30927: Improve formatting or iCal files for checkout due dates 2022-08-09 07:39:17 -03:00
opac-idref.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-illrequests.pl Bug 33702: Patrons should only see their own ILLs in the OPAC 2023-05-29 09:21:46 -03:00
opac-image.pl Bug 28606: Remove $DEBUG and $ENV{DEBUG} 2021-06-24 11:53:44 +02:00
opac-imageviewer.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-ISBDdetail.pl Bug 30678: (follow-up) Change call in opac scripts 2022-07-22 14:58:12 -03:00
opac-issue-note.pl Bug 29544: (QA follow-up) Simplify code 2022-02-02 21:05:29 -10:00
opac-library.pl Bug 31775: Show single library 2022-10-17 08:25:55 -03:00
opac-main.pl Bug 31051: Show patron savings on the OPAC 2023-02-22 10:03:33 -03:00
opac-MARCdetail.pl Bug 23247: Use EmbedItems in opac-MARCdetail.pl 2023-02-20 09:44:15 -03:00
opac-memberentry.pl Bug 33197: Rename GDPR_Policy system preference 2023-05-05 10:18:54 -03:00
opac-messaging.pl Bug 31743: Change condition for messaging tab 2022-11-04 20:01:13 -03:00
opac-modrequest-suspend.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-modrequest.pl Bug 14783: (QA follow-up) Rename method and move tests 2022-10-17 15:43:22 -03:00
opac-mymessages.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-news-rss.pl Bug 24387: Rename "News" with "Additional contents" 2021-08-16 11:55:55 +02:00
opac-overdrive-search.pl Bug 29318: Tidy the code 2021-10-26 16:46:03 +02:00
opac-page.pl Bug 32251: Add a fallback for when language cookie was removed 2023-01-27 16:20:24 -03:00
opac-passwd.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-password-recovery.pl Bug 31739: Password recovery from staff fails if previous expired reset-entry exists. 2022-10-24 14:12:16 -03:00
opac-patron-consent.pl Bug 33197: Rename GDPR_Policy system preference 2023-05-05 10:18:54 -03:00
opac-patron-image.pl Bug 29931: (follow-up) Similar thing in opac-patron-image.pl 2022-03-15 22:30:50 -10:00
opac-privacy.pl Bug 29843: Use in opac/opac-privacy.pl 2022-02-10 14:44:23 -10:00
opac-ratings.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-readingrecord.pl Bug 31051: Show patron savings on the OPAC 2023-02-22 10:03:33 -03:00
opac-recall.pl Bug 30291: Changes to OPAC files 2022-05-05 11:17:36 -10:00
opac-recalls.pl Bug 30291: Changes to OPAC files 2022-05-05 11:17:36 -10:00
opac-recordedbooks-search.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-registration-verify.pl Bug 33192: Update all occurrences of AutoEmailPrimaryAddress 2023-04-14 11:35:39 -03:00
opac-renew.pl Bug 31735: Optimize OPAC checkouts view 2023-05-12 12:40:29 -03:00
opac-reportproblem.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-request-article.pl Bug 27946: Add UI handling of AR fees 2022-01-28 11:09:07 -10:00
opac-reserve.pl Bug 33302: Send and display errors when a hold cannot be placed on the OPAC 2023-05-09 11:46:54 -03:00
opac-reset-password.pl Bug 29925: Add a password reset page for expired passwords 2022-05-06 10:33:09 -10:00
opac-restrictedpage.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-retrieve-file.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-review.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-routing-lists.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-search-history.pl Bug 30377: Fix two CGI::param called in list context-warnings 2022-04-04 16:23:46 +02:00
opac-search.pl Bug 33569: Fix sort by relevance in catalog search 2023-05-09 11:46:47 -03:00
opac-sendbasket.pl Bug 33223: Replace 'first_valid' with 'notice' for email addresses 2023-05-16 15:17:35 -03:00
opac-sendshelf.pl Bug 33223: Fix sendshelf 2023-05-16 15:17:36 -03:00
opac-serial-issues.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-shareshelf.pl Bug 28959: Fix other cases 2021-10-28 17:47:38 +02:00
opac-shelves.pl Bug 30418: Add ability for permitted staff to edit list contents 2023-05-15 18:23:57 -03:00
opac-showmarc.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-showreviews.pl Bug 29697: Replace GetMarcBiblio occurrences with $biblio->metadata->record 2022-07-22 15:24:11 -03:00
opac-suggestions.pl Bug 29311: (QA follow-up) Fix an existing spelling typo 2023-04-06 10:03:14 -03:00
opac-tags.pl Bug 28375: (follow-up) Use C4::Context->interface 2022-10-20 11:50:53 -03:00
opac-tags_subject.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-topissues.pl Bug 17018: Split AdvancedSearchTypes for staff and OPAC 2022-04-12 17:13:02 +02:00
opac-user.pl Bug 31735: Optimize OPAC checkouts view 2023-05-12 12:40:29 -03:00
tracklinks.pl Bug 30262: Trim whitespace off tracklinks.pl URLs 2022-08-31 08:46:11 -03:00
unapi Bug 17600: Fix opac/unapi 2021-11-22 11:04:51 +01:00