Bug 33702: Patrons should only see their own ILLs in the OPAC
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
will look like something like this:
http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
patron than the patron you are logged in as
To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
of the request that belongs to the patron you are not logged in as
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
projects / koha.git / commit