Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/opac/opac-main.pl
Aleisha Amohia 9f8187257a Bug 22370: Prevent OPAC users from seeing staff news from URL 
To test:
1) Have some OPAC and staff only news items
2) On the OPAC view a single news item
3) Change the ID in the URL to the ID of a staff news item
4) Notice you can view the news item without any problems
5) Apply the patch and refresh the page
6) An error should show that the news item doesn't exist
7) Confirm you can still view OPAC news items individually

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-04 18:19:58 +00:00

117 lines
4 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
# This file is part of Koha.
#
# Parts Copyright (C) 2013 Mark Tompsett
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use C4::Auth; # get_template_and_user
use C4::Output;
use C4::NewsChannels; # GetNewsToDisplay
use C4::Languages qw(getTranslatedLanguages accept_language);
use C4::Koha qw( GetDailyQuote );
use C4::Members;
use C4::Overdues;
use Koha::Checkouts;
use Koha::Holds;
use Koha::News;
my $input = new CGI;
my $dbh = C4::Context->dbh;
my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
{
template_name => "opac-main.tt",
type => "opac",
query => $input,
authnotrequired => ( C4::Context->preference("OpacPublic") ? 1 : 0 ),
}
);
my $casAuthentication = C4::Context->preference('casAuthentication');
$template->param(
casAuthentication => $casAuthentication,
);
# display news
# use cookie setting for language, bug default to syspref if it's not set
my ($theme, $news_lang, $availablethemes) = C4::Templates::themelanguage(C4::Context->config('opachtdocs'),'opac-main.tt','opac',$input);
my $homebranch;
if (C4::Context->userenv) {
$homebranch = C4::Context->userenv->{'branch'};
}
if (defined $input->param('branch') and length $input->param('branch')) {
$homebranch = $input->param('branch');
}
elsif (C4::Context->userenv and defined $input->param('branch') and length $input->param('branch') == 0 ){
$homebranch = "";
}
my $news_id = $input->param('news_id');
my @all_koha_news;
if (defined $news_id){
@all_koha_news = Koha::News->search({ idnew => $news_id, lang => { '!=', 'koha' } }); # get news that is not staff-only news
if (scalar @all_koha_news > 0){
$template->param( news_item => @all_koha_news );
} else {
$template->param( single_news_error => 1 );
}
} else {
@all_koha_news = &GetNewsToDisplay($news_lang,$homebranch);
}
my $quote = GetDailyQuote(); # other options are to pass in an exact quote id or select a random quote each pass... see perldoc C4::Koha
# For dashboard
my $patron = Koha::Patrons->find( $borrowernumber );
if ( $patron ) {
my $checkouts = Koha::Checkouts->search({ borrowernumber => $borrowernumber })->count;
my ( $overdues_count, $overdues ) = checkoverdues($borrowernumber);
my $holds_pending = Koha::Holds->search({ borrowernumber => $borrowernumber, found => undef })->count;
my $holds_waiting = Koha::Holds->search({ borrowernumber => $borrowernumber })->waiting->count;
my $total = $patron->account->balance;
if ( $checkouts > 0 || $overdues_count > 0 || $holds_pending > 0 || $holds_waiting > 0 || $total > 0 ) {
$template->param(
dashboard_info => 1,
checkouts => $checkouts,
overdues => $overdues_count,
holds_pending => $holds_pending,
holds_waiting => $holds_waiting,
total_owing => $total,
);
}
}
$template->param(
koha_news => @all_koha_news,
branchcode => $homebranch,
display_daily_quote => C4::Context->preference('QuoteOfTheDay'),
daily_quote => $quote,
);
# If GoogleIndicTransliteration system preference is On Set parameter to load Google's javascript in OPAC search screens
if (C4::Context->preference('GoogleIndicTransliteration')) {
$template->param('GoogleIndicTransliteration' => 1);
}
output_html_with_http_headers $input, $cookie, $template->output;
View git blame Copy permalink