From 92e318dfc5d26bd3c9c0e9963f4eca3b45677f47 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Fri, 4 May 2018 13:54:49 +0000 Subject: [PATCH] Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue To test: 1 - Setup a staff patron with permissions: - catalogue - reserveforothers - course_reserves 2 - Log in to staff client as that patron 3 - Find a record and click to place a hold 4 - Type more than three letters into the search bar but don't submit 5 - Note that you will not receive autocomplete results 6 - Either submit, or try to visit any page in staff client 7 - Your session has been expired, you must log in again 8 - Log in, go to course reserves 9 - As before, trigger the autocomplete search in the instrcutor field 10 - Again your session has been terminated 11 - Apply patch 12 - Repeat above actions, this time you will not be kicked out Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart --- circ/ysearch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/circ/ysearch.pl b/circ/ysearch.pl index 7a75c8087c..b9e75d0d4d 100755 --- a/circ/ysearch.pl +++ b/circ/ysearch.pl @@ -39,7 +39,7 @@ my $query = $input->param('term'); binmode STDOUT, ":encoding(UTF-8)"; print $input->header( -type => 'text/plain', -charset => 'UTF-8' ); -my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { circulate => '*' } ); +my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } ); if ( $auth_status ne "ok" ) { exit 0; } -- 2.39.5