Koha/members/mod_debarment.pl
Owen Leonard cbcfb847e0 Bug 12069: redirect to staff login if you access members/mod_debarment.pl when logged out
members/mod_debarment.pl's call to checkauth should pass 'intranet' so
that if the user happens to be logged out they will be redirected to the
staff client login form, rather than the OPAC.

To test, apply the patch and log in to the staff client:

- Add a restriction to a patron's account.
- View the restrictions tab on the patron's account. You should see the
  restriction and a "Remove" link for that restriction.
- In another tab, log out of the staff client.
- In the first tab, click the "Remove" link. You should be redirected to
  the staff client login page.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Good catch! Works as described, passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-12 18:00:18 +00:00

63 lines
1.8 KiB
Perl
Executable file

#!/usr/bin/perl
# This file is part of Koha.
#
# Copyright 2013 ByWater Solutions
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI;
use C4::Auth;
use Koha::DateUtils;
use Koha::Borrower::Debarments;
my $cgi = new CGI;
my ( $loggedinuser, $cookie, $sessionID ) = checkauth( $cgi, 0, { borrowers => 1 }, 'intranet' );
my $borrowernumber = $cgi->param('borrowernumber');
my $action = $cgi->param('action');
if ( $action eq 'del' ) {
DelDebarment( $cgi->param('borrower_debarment_id') );
} elsif ( $action eq 'add' ) {
my $expiration = $cgi->param('expiration');
if ($expiration) {
$expiration = dt_from_string($expiration);
$expiration = $expiration->ymd();
}
AddDebarment(
{ borrowernumber => $borrowernumber,
type => 'MANUAL',
comment => $cgi->param('comment'),
expiration => $expiration,
}
);
}
if ( $ENV{HTTP_REFERER} =~ /moremember/ ) {
print $cgi->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
} else {
print $cgi->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
}
=head1 author
Kyle M Hall <kyle@bywatersolutions.com>
=cut