]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5016a85) | patch
Bug 7550: SCO - Restrict access of patron's image
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 19 Apr 2017 17:09:12 +0000 (14:09 -0300)
committerKatrin Fischer <katrin.fischer.83@web.de>
Sat, 13 May 2017 12:47:47 +0000 (14:47 +0200)
commit93aea8afe56851e0660634f3e15f015edd5b9439
treeee263894fba0441f9efd3efd92460d9140771e58tree | snapshot
parent5016a854cc0cd151106aedee12f746e60d9c3ff2commit | diff
Bug 7550: SCO - Restrict access of patron's image

With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".

How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
  Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
  image
- Verify that the patron image is NOT displayed

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 57f28f9ee44a6c8f19dc1411971a7ca397557acd)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt diff | blob | history
opac/sco/sco-main.pl diff | blob | history
opac/sco/sco-patron-image.pl diff | blob | history
Main Koha release repository