]> git.koha-community.org Git - koha.git/commit
Bug 7550: SCO - Restrict access of patron's image
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 19 Apr 2017 17:09:12 +0000 (14:09 -0300)
committerKyle M Hall <kyle@bywatersolutions.com>
Mon, 8 May 2017 13:00:26 +0000 (09:00 -0400)
commit57f28f9ee44a6c8f19dc1411971a7ca397557acd
tree38ead5b2fc027575b5c6f5bbc7dc72b47a4c1143
parent3ef6d2d5153772cd1701005eef7e9a94bf901c32
Bug 7550: SCO - Restrict access of patron's image

With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".

How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
  Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
  image
- Verify that the patron image is NOT displayed

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt
opac/sco/sco-main.pl
opac/sco/sco-patron-image.pl