git.koha-community.org Git - koha.git/commit

author	Magnus Enger <magnus@libriotech.no>
	Tue, 9 May 2023 13:37:51 +0000 (15:37 +0200)
committer	Arthur Suzuki <arthur.suzuki@biblibre.com>
	Tue, 23 May 2023 18:43:32 +0000 (20:43 +0200)
commit	55d5c76e5a6a9e0f76e6bf50d1e7a8ef68bc118e
tree	811c731a4eaabf21e4daf8628e3f0bfa5cc9fa4a	tree \| snapshot
parent	34694d7621d844b4d967f11d311530a8ca21abb2	commit \| diff

Bug 33702: Patrons should only see their own ILLs in the OPAC

To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here:
  https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by
  clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons
  in the field marked "Card number, username or surname"
- Make the two titles different, and make a not of which title is
  connected to which patron
- Log in as one of the two patrons who now have an ILL request each,
  in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL
  will look like something like this:
  http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the the ILL request
  connected to the *other* patron
- Verify you can see the details of an ILL request conncted to another
  patron than the patron you are logged in as

To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron
  you are not logged in as
- Verify you are redirect to the 404 page and can not see the details
  of the request that belongs to the patron you are not logged in as

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>