https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37041 --- Comment #31 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jonathan Druart from comment #30)
(In reply to Jonathan Druart from comment #29)
is_auth would just need to get the patron's id from userenv, if exists it means that the user is authenticated already.
Wait, isn't that true already actually?
Cannot we simply replace the check_cookie_auth call with C4::Auth::haspermission(C4::Context->userenv->{id}, {catalogue => 1}) here?
No, if this is a direct call to a value builder, the answer should be 403 (or 400) in any case. Not depending on login or permissions. This is what check_value_builder_caller implements too. -- You are receiving this mail because: You are watching all bug changes.