From 7ecc1257865d47336071412bf65b321090b69ce4 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Fri, 4 May 2018 08:10:46 +0200
Subject: [PATCH] Bug 20687: (follow-up) Look for invitekey in show_accept and fix error codes
We should check the invitekey in show_accept by passing it along in the search call. On the way I fixed some error checking: if the list number is invalid, or the list is public or you are the owner, or if the key is not found, we should set the right error code; the template contains those messages.
Test plan:
[1] Share a list and accept a correct invitation with another user.
[2] Try to accept some invalid proposals: wrong key, wrong list.
Signed-off-by: Marcel de Rooy
Tested invalid key, wrong list, owner, public list, expiry.
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
---
 opac/opac-shareshelf.pl | 60 +++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 32 deletions(-)
diff --git a/opac/opac-shareshelf.pl b/opac/opac-shareshelf.pl
index ad9dbc9ee2..ec9a663ed7 100755
--- a/opac/opac-shareshelf.pl
+++ b/opac/opac-shareshelf.pl
@@ -125,42 +125,38 @@ sub show_accept {
 my $shelfnumber = $param->{shelfnumber};
 my $shelf = Koha::Virtualshelves->find( $shelfnumber );
- # The key for accepting is checked later in Koha::Virtualshelf->share
+ # The key for accepting is checked later in Koha::Virtualshelfshare
 # You must not be the owner and the list must be private
- if ( $shelf->category == 2 or $shelf->owner == $param->{loggedinuser} ) {
- return;
+ if( !$shelf ) {
+ $param->{errcode} = 2;
+ } elsif( $shelf->category == 2 ) {
+ $param->{errcode} = 5;
+ } elsif( $shelf->owner == $param->{loggedinuser} ) {
+ $param->{errcode} = 8;
 }
-
- # We could have used ->find with the share id, but we don't want to change
- # the url sent to the patron
- my $shared_shelves = Koha::Virtualshelfshares->search(
- {
- shelfnumber => $param->{shelfnumber},
- },
- {
- order_by => { -desc => 'sharedate' },
- }
- );
-
- if ( $shared_shelves ) {
- my $key = keytostring( stringtokey( $param->{key}, 0 ), 1 );
- while ( my $shared_shelf = $shared_shelves->next ) {
- my $is_accepted = eval { $shared_shelf->accept( $key, $param->{loggedinuser} ) };
- if ( $is_accepted ) {
- notify_owner($param);
-
- #redirect to view of this shared list
- print $param->{query}->redirect(
- -uri => SHELVES_URL . $param->{shelfnumber},
- -cookie => $param->{cookie}
- );
- exit;
- }
+ return if $param->{errcode};
+
+ # Look for shelfnumber and invitekey in shares, expiration check later
+ my $key = keytostring( stringtokey( $param->{key}, 0 ), 1 );
+ my $shared_shelves = Koha::Virtualshelfshares->search({
+ shelfnumber => $param->{shelfnumber},
+ invitekey => $key,
+ });
+ my $shared_shelf = $shared_shelves ? $shared_shelves->next : undef; # we pick the first, but there should only be one
+
+ if ( $shared_shelf ) {
+ my $is_accepted = eval { $shared_shelf->accept( $key, $param->{loggedinuser} ) };
+ if( $is_accepted ) {
+ notify_owner($param);
+ #redirect to view of this shared list
+ print $param->{query}->redirect(
+ -uri => SHELVES_URL . $param->{shelfnumber},
+ -cookie => $param->{cookie}
+ );
+ exit;
 }
- $param->{errcode} = 7; #not accepted (key not found or expired)
- } else {
- # This shelf is not shared
 }
+ $param->{errcode} = 7; # not accepted: key invalid or expired
 }
 sub notify_owner {
-- 
2.39.5
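Review bot: The `eval` around `$shared_shelf->accept( $key, $param->{loggedinuser} )` discards `$@`, so an exception raised inside accept (a database error, for instance) falls through to `$param->{errcode} = 7` and is reported to the patron as an invalid or expired key, with nothing written to the log. Checking `$@` directly after the eval, e.g. `warn "show_accept: accept died for list $shelfnumber: $@" if $@;`, keeps real failures distinguishable from rejected keys; the message should leave the invite key itself out. As far as this hunk shows, rejected keys are not logged either, so repeated wrong-key attempts against one list number would leave no trace for whoever monitors the OPAC. Separately, the search and the redirect still use the raw `$param->{shelfnumber}` although `$shelf` has already been loaded; whether that value is validated earlier cannot be seen here, because show_accept begins above the hunk.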