From effb64f7f2e48f5cf87e39699bd93c5448160da5 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Tue, 29 Apr 2014 17:04:02 +0000 Subject: [PATCH] Bug 11715: require authentication for various staff scripts To test: [1] Verify that item record creating and editing during the acquisitions process continues to work. [2] Verify that calling services/itemrecorddisplay.pl without a valid user session fails. [3] Verify that authentication is required for making a new order from a suggestion, transferring an order, doing a Z39.50 search from acquisitions, displaying the record card view in the staff interface, and running the till reconciliation report (/cgi-bin/koha/reports/stats.screen.pl) Signed-off-by: Galen Charlton Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Verified all changed scripts are not accessible witout a valid user session, but are with one. Signed-off-by: Tomas Cohen Arazi --- acqui/newordersuggestion.pl | 1 - acqui/transferorder.pl | 2 -- acqui/z3950_search.pl | 1 - reports/stats.screen.pl | 2 -- serials/serial-issues.pl | 5 +---- services/itemrecorddisplay.pl | 2 +- 6 files changed, 2 insertions(+), 11 deletions(-) diff --git a/acqui/newordersuggestion.pl b/acqui/newordersuggestion.pl index efc634bf2c..c807938168 100755 --- a/acqui/newordersuggestion.pl +++ b/acqui/newordersuggestion.pl @@ -119,7 +119,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( template_name => "acqui/newordersuggestion.tmpl", type => "intranet", query => $input, - authnotrequired => 1, flagsrequired => { acquisition => 'order_manage' }, } ); diff --git a/acqui/transferorder.pl b/acqui/transferorder.pl index fe4968afc7..3d5fe83e4d 100755 --- a/acqui/transferorder.pl +++ b/acqui/transferorder.pl @@ -36,9 +36,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( { template_name => "acqui/transferorder.tmpl", query => $input, type => "intranet", - authnotrequired => 1, flagsrequired => { acquisition => 'order_manage' }, - debug => 1, } ); diff --git a/acqui/z3950_search.pl b/acqui/z3950_search.pl index f9c1ab50df..ab3732eb0f 100755 --- a/acqui/z3950_search.pl +++ b/acqui/z3950_search.pl @@ -70,7 +70,6 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "acqui/z3950_search.tmpl", query => $input, type => "intranet", - authnotrequired => 1, flagsrequired => { acquisition => 'order_manage' }, } ); diff --git a/reports/stats.screen.pl b/reports/stats.screen.pl index 16b8f8aa4b..301cdd419f 100755 --- a/reports/stats.screen.pl +++ b/reports/stats.screen.pl @@ -39,9 +39,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user( template_name => "reports/stats_screen.tmpl", query => $input, type => "intranet", - authnotrequired => 1, flagsrequired => { reports => '*' }, - debug => 1, } ); diff --git a/serials/serial-issues.pl b/serials/serial-issues.pl index b57baa148c..95156156b4 100755 --- a/serials/serial-issues.pl +++ b/serials/serial-issues.pl @@ -70,9 +70,7 @@ if ($selectview eq "full"){ = get_template_and_user({template_name => "serials/serial-issues-full.tmpl", query => $query, type => "intranet", - authnotrequired => 0, flagsrequired => {serials => '*'}, - debug => 1, }); # replace CR by
in librarian note @@ -94,8 +92,7 @@ if ($selectview eq "full"){ = get_template_and_user({template_name => "serials/serial-issues.tmpl", query => $query, type => "intranet", - authnotrequired => 1, - debug => 1, + flagsrequired => {serials => '*'}, }); # replace CR by
in librarian note diff --git a/services/itemrecorddisplay.pl b/services/itemrecorddisplay.pl index cd5fb32591..b2a0a2940a 100755 --- a/services/itemrecorddisplay.pl +++ b/services/itemrecorddisplay.pl @@ -40,7 +40,7 @@ my ($template, $loggedinuser, $cookie, $flags) = get_template_and_user( { template_name => 'services/itemrecorddisplay.tmpl', query => $input, type => 'intranet', - authnotrequired => 1, + flagsrequired => {acquisition => '*'}, } ); my $biblionumber = $input->param('biblionumber') || ''; -- 2.39.5