From d197d32daf1bb3c9577d9bbe1fc4e8003e3c737e Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@esilibrary.com>
Date: Mon, 10 Mar 2014 14:57:17 +0000
Subject: [PATCH] Bug 11866: (follow-up) repair security issue introduced by
 main patch

The main patch allows /any/ user with an account on the Koha system
to view the staff-side course-reserves home page -- including ordinary
patrons.  This patch repairs the oversight.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
(cherry picked from commit e9903d760e41410bf871053ccccf00c3a037862d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 course_reserves/course-reserves.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/course_reserves/course-reserves.pl b/course_reserves/course-reserves.pl
index 4aa982a0a2..95baf7bf8b 100755
--- a/course_reserves/course-reserves.pl
+++ b/course_reserves/course-reserves.pl
@@ -35,6 +35,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $cgi,
         type            => "intranet",
         authnotrequired => 0,
+        flagsrequired   => { catalogue => 1 },
     }
 );
 
-- 
2.39.2