From e3db0a35c38359a0a92f9eb81a29b2371aebb6e6 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Wed, 28 Sep 2022 18:59:41 +0000 Subject: [PATCH] Bug 31643: Require only edit_catalogue, not full cataloging To test: 1 - Grant a patron: catalogue, edit_catalogue, and editauthorities permissions 2 - Log in to staff client 3 - Browse to: http://localhost:8081/cgi-bin/koha/svc/cataloguing/automatic_linker.pl 4 - UNAUTHORIZED 5 - Apply patch, restart all 6 - Log in and go to link again 7 - status "OK" Signed-off-by: Catrina Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit fb1ca3311001b0a7c5b93a54330a9206ff5b41d9) Signed-off-by: Lucas Gass --- svc/cataloguing/automatic_linker.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/svc/cataloguing/automatic_linker.pl b/svc/cataloguing/automatic_linker.pl index 17159d9686..228e01f402 100755 --- a/svc/cataloguing/automatic_linker.pl +++ b/svc/cataloguing/automatic_linker.pl @@ -29,7 +29,10 @@ print $input->header('application/json'); # Check the user's permissions my ( $auth_status ) = - C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { editauthorities => 1, editcatalogue => 1 } ); + C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { + editauthorities => 1, + editcatalogue => 'edit_catalogue' + }); if ( $auth_status ne "ok" ) { print to_json( { status => 'UNAUTHORIZED' } ); exit 0; -- 2.39.5