From c1a5442a2286afbcd1bb6a429adab6f5a009ca07 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Fri, 13 Jan 2023 17:29:22 +0000 Subject: [PATCH] Bug 31893: Use checkauth and do not fetch about.tt template This patch updates four scripts to use checkauth instead of get_template_and_user reserve/modrequest.pl reserve/modrequest_suspendall.pl course_reserves/mod_course.pl members/members-update-do.pl No behvaiour change is expected To test: 0 - Apply patch 1 - Place some holds for a patron 2 - From patron page, confirm you can suspend all 3 - confirm you can delete marked holds 4 - Edit a course in course-reserves 5 - Make a chaneg to personal details via OPAC 6 - Confirm change can be approved on staff side Signed-off-by: David Nind Signed-off-by: Martin Renvoize Signed-off-by: Martin Renvoize (cherry picked from commit fc650b3e871e1d558ca1ff9f0dcb2f1fa0ad5db2) Signed-off-by: Matt Blenkinsop --- course_reserves/mod_course.pl | 11 +++-------- members/members-update-do.pl | 14 +++----------- reserve/modrequest.pl | 12 +++--------- reserve/modrequest_suspendall.pl | 12 +++--------- 4 files changed, 12 insertions(+), 37 deletions(-) diff --git a/course_reserves/mod_course.pl b/course_reserves/mod_course.pl index 3abcb9731f..e04072384b 100755 --- a/course_reserves/mod_course.pl +++ b/course_reserves/mod_course.pl @@ -23,18 +23,13 @@ use CGI qw ( -utf8 ); use C4::Output; use C4::Reserves; -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( checkauth ); use C4::CourseReserves qw( DelCourse ModCourse ModCourseInstructors ); my $cgi = CGI->new; -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( - { template_name => "about.tt", - query => $cgi, - type => "intranet", - flagsrequired => { coursereserves => 'manage_courses' }, - } -); + +checkauth($cgi, 0, { coursereserves => 'manage_courses' }, 'intranet'); my $action = $cgi->param('action') || ''; my $course_id = $cgi->param('course_id'); diff --git a/members/members-update-do.pl b/members/members-update-do.pl index 88d021a394..a42c1ff963 100755 --- a/members/members-update-do.pl +++ b/members/members-update-do.pl @@ -19,7 +19,7 @@ use Modern::Perl; use CGI qw ( -utf8 ); -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( checkauth ); use C4::Output; use C4::Context; use Koha::Patrons; @@ -27,17 +27,9 @@ use Koha::Patron::Modifications; my $query = CGI->new; -# FIXME Should be a checkauth call -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( - { - template_name => "about.tt", - query => $query, - type => "intranet", - flagsrequired => { borrowers => 'edit_borrowers' }, - } -); +my ( $userid, $cookie, $sessionID, $flags ) = checkauth($query, 0, { borrowers => 'edit_borrowers' }, 'intranet'); -my $logged_in_user = Koha::Patrons->find( $loggedinuser ); +my $logged_in_user = Koha::Patrons->find({ userid => $userid }); my @params = $query->param; diff --git a/reserve/modrequest.pl b/reserve/modrequest.pl index ec78f683be..3e9e5631b8 100755 --- a/reserve/modrequest.pl +++ b/reserve/modrequest.pl @@ -30,18 +30,12 @@ use Try::Tiny; use C4::Output; use C4::Reserves qw( ModReserve ModReserveCancelAll ); -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( checkauth ); use Koha::BackgroundJob::BatchUpdateBiblioHoldsQueue; my $query = CGI->new; -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( - { - template_name => "about.tt", - query => $query, - type => "intranet", - flagsrequired => { reserveforothers => '*' }, - } -); + +checkauth($query, 0, { reserveforothers => '*' }, 'intranet'); my @reserve_id = $query->multi_param('reserve_id'); my @rank = $query->multi_param('rank-request'); diff --git a/reserve/modrequest_suspendall.pl b/reserve/modrequest_suspendall.pl index 0a802782b5..6c0847ec18 100755 --- a/reserve/modrequest_suspendall.pl +++ b/reserve/modrequest_suspendall.pl @@ -26,17 +26,11 @@ use Modern::Perl; use CGI qw ( -utf8 ); use C4::Output; use C4::Reserves qw( SuspendAll ); -use C4::Auth qw( get_template_and_user ); +use C4::Auth qw( checkauth ); my $query = CGI->new; -my ( $template, $loggedinuser, $cookie ) = get_template_and_user( - { - template_name => "about.tt", - query => $query, - type => "intranet", - flagsrequired => { reserveforothers => 1 }, - } -); + +checkauth($query, 0, { reserveforothers => '*' }, 'intranet'); my $borrowernumber = $query->param('borrowernumber'); my $suspend = $query->param('suspend'); -- 2.39.5