git.koha-community.org Git - koha.git/commit

author	Magnus Enger <magnus@libriotech.no>
	Tue, 9 May 2023 13:37:51 +0000 (15:37 +0200)
committer	Lucas Gass <lucas@bywatersolutions.com>
	Mon, 22 May 2023 15:41:24 +0000 (15:41 +0000)
commit	28f421986fc549a732c723dc7de6d90824f3fae0
tree	6b58a820682630b1ba5ae110271d18f09f2e3196	tree \| snapshot
parent	0f05431e3469139d714e7b86ea137d6e08ad370c	commit \| diff

Bug 33702: Patrons should only see their own ILLs in the OPAC

To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
  https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
  clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
  in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
  connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
  in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
  will look like something like this:
  http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
  connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
  patron than the patron you are logged in as

To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
  you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
  of the request that belongs to the patron you are not logged in as

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>