From 31ca4849efd5539c6b287047ce2da560be7e1c53 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 20 Sep 2016 09:55:25 +0100 Subject: [PATCH] Bug 17316: Do not display the list's name if the user does not have permission - OPAC MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit At the OPAC, if a user manipulate the URL to show a list (s)he is not allowed to view, the list's name will be displayed anyway. Test plan: - Create a private list with user A - Copy the op=view URL and access it with user B logged in => Without this patch, you will see the rss icon, the list's name and the "add list" button => Without this patch, only the "unauthorized" box will be displayed Followed test plan, works as expected. Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +- opac/opac-shelves.pl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt index 4050672dbd..0e20fcf4c6 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt @@ -153,7 +153,7 @@ [% END %] - [% IF op == 'view' %] + [% IF shelf AND op == 'view' %]

[% shelf.shelfname |html %] diff --git a/opac/opac-shelves.pl b/opac/opac-shelves.pl index 25120e7947..065f517b9e 100755 --- a/opac/opac-shelves.pl +++ b/opac/opac-shelves.pl @@ -339,6 +339,7 @@ if ( $op eq 'view' ) { } } else { push @messages, { type => 'error', code => 'unauthorized_on_view' }; + undef $shelf; } } else { push @messages, { type => 'error', code => 'does_not_exist' }; -- 2.39.5