git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

projects / koha.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 221b906) | patch

author	Fridolin Somers <fridolin.somers@biblibre.com>
	Thu, 4 Jul 2024 14:18:17 +0000 (16:18 +0200)
committer	wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
	Thu, 25 Jul 2024 02:17:34 +0000 (02:17 +0000)
commit	b402e8212186ca8a05d57b7b5656aa02a73e17d9
tree	a7d95ccdd8e082d3a9fcea740d375e07461f4fc1	tree \| snapshot
parent	221b90600418c2c750580ecd47f650fe070adef3	commit \| diff

Bug 37247: [23.05.x] Fix subscriptions operation allowed without authentication

Move close and reopen after get_template_and_user().
Also move Koha::Subscriptions->find(), not a good idea to run DB queries
before authentication.

Test plan :
1) Apply patch
2) Authenticate to staff interface
3) Go to an existing open subscription
4) Open a new browser tab and use it to log-out
5) Go to first tab and click on 'Close'
6) You get login page
7) Authenticate
8) Check subscription is not closed
9) Check you can close and reopen subscription

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>

serials/subscription-detail.pl

diff | blob | history

Main Koha release repository