]> git.koha-community.org Git - koha.git/commit
Bug 7550: SCO - Restrict access of patron's image
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 19 Apr 2017 17:09:12 +0000 (14:09 -0300)
committerMason James <mtj@kohaaloha.com>
Wed, 24 May 2017 01:45:03 +0000 (13:45 +1200)
commitbf9cb4bdbce67b5b25ea16924474c773315c5d53
tree7e772b09a8edcd887584329e1bd948ac4e2ea2ce
parentf8a20081322f821bc2843db306d84c93b3d4fcb3
Bug 7550: SCO - Restrict access of patron's image

With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".

How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
  Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
  image
- Verify that the patron image is NOT displayed

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt
opac/sco/sco-main.pl
opac/sco/sco-patron-image.pl