From e77fe4e5dff1c2d10b11730e2f58fa1cec8e7b92 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Wed, 28 Sep 2022 18:59:41 +0000 Subject: [PATCH] Bug 31643: Require only edit_catalogue, not full cataloging To test: 1 - Grant a patron: catalogue, edit_catalogue, and editauthorities permissions 2 - Log in to staff client 3 - Browse to: http://localhost:8081/cgi-bin/koha/svc/cataloguing/automatic_linker.pl 4 - UNAUTHORIZED 5 - Apply patch, restart all 6 - Log in and go to link again 7 - status "OK" Signed-off-by: Catrina Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit fb1ca3311001b0a7c5b93a54330a9206ff5b41d9) Signed-off-by: Lucas Gass (cherry picked from commit e3db0a35c38359a0a92f9eb81a29b2371aebb6e6) Signed-off-by: Arthur Suzuki (cherry picked from commit 7197149f6e42d88b67cc85c63d70f5f268f4d9a2) Signed-off-by: Wainui Witika-Park --- svc/cataloguing/automatic_linker.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/svc/cataloguing/automatic_linker.pl b/svc/cataloguing/automatic_linker.pl index a04ccfb8c9..fbaf1bb4dc 100755 --- a/svc/cataloguing/automatic_linker.pl +++ b/svc/cataloguing/automatic_linker.pl @@ -28,8 +28,11 @@ my $input = CGI->new; print $input->header('application/json'); # Check the user's permissions -my ( $auth_status, $auth_sessid ) = - C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { editauthorities => 1, editcatalogue => 1 } ); +my ( $auth_status ) = + C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { + editauthorities => 1, + editcatalogue => 'edit_catalogue' + }); if ( $auth_status ne "ok" ) { print to_json( { status => 'UNAUTHORIZED' } ); exit 0; -- 2.39.5