Koha/opac/sco/sco-patron-image.pl
Tomas Cohen Arazi d6e8e88249 Bug 15492: Make existing code aware of new self_check* permissions
This patch makes the existing code for SCO use the new permissions schema
for self check modules. Specifically addresses this change:

  circulate  => self_checkout
becomes
  slef_check => self_checkout_module

about.pl checks are dejusted too.

get_template_and_user gets refactored to avoid code duplication and the
conditions are adjusted for the new permissions.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-26 17:31:18 -03:00

69 lines
2.1 KiB
Perl
Executable file

#!/usr/bin/perl
#
# Copyright 2009 LibLime
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use strict;
use warnings;
use C4::Service;
use C4::Members;
use Koha::Patron::Images;
use Koha::Patrons;
use Koha::Token;
my ( $query, $response ) = C4::Service->init( self_check => 'self_checkout_module' );
unless (C4::Context->preference('WebBasedSelfCheck')) {
print $query->header(status => '403 Forbidden - web-based self-check not enabled');
exit;
}
unless (C4::Context->preference('ShowPatronImageInWebBasedSelfCheck')) {
print $query->header(status => '403 Forbidden - displaying patron images in self-check not enabled');
exit;
}
my ($borrowernumber) = C4::Service->require_params('borrowernumber');
my ($csrf_token) = C4::Service->require_params('csrf_token');
my $patron = Koha::Patrons->find( $borrowernumber );
my $patron_image = $patron->image;
if ($patron_image) {
unless (
Koha::Token->new->check_csrf(
{
session_id => scalar $query->cookie('CGISESSID')
. $patron->cardnumber,
id => $patron->userid,
token => $csrf_token,
}
)
)
{
print $query->header(-type => 'text/plain', -status => '403 Forbidden');
exit;
}
print $query->header(
-type => $patron_image->mimetype,
-Content_Length => length( $patron_image->imagefile )
),
$patron_image->imagefile;
} else {
print $query->header(status => '404 patron image not found');
}