[Koha-patches] [PATCH] (bug #4004) disallow access for non-logged in users in opac

Nahuel ANGELINETTI nahuel.angelinetti at biblibre.com
Thu Dec 24 15:22:43 CET 2009


This no longer defines borrowernumber = 0 if a borrower is NOT logged in.
We know borrowernumber 0 is mysqluser... So in virtualshelves, a non-logged-in user has all permissions.
---
 C4/Auth.pm           |    3 ++-
 C4/VirtualShelves.pm |    1 +
 2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index a4924a0..f810fd3 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -155,7 +155,8 @@ sub get_template_and_user {
 			$template->param(	bartotal		=> $total->{'bartotal'}, ) if ($total->{'bartotal'} > scalar (@$barshelves));
 		}
 
-        $borrowernumber = getborrowernumber($user);
+        $borrowernumber = getborrowernumber($user) if defined($user);
+
         my ( $borr ) = GetMemberDetails( $borrowernumber );
         my @bordat;
         $bordat[0] = $borr;
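Review bot: With the new `if defined($user)` modifier, an anonymous request leaves `$borrowernumber` at whatever value it held before this line, and `GetMemberDetails( $borrowernumber )` on the next statement still runs with it. The declaration is outside the hunk, so the value is presumably undef there, but it would be safer to make that explicit with `$borrowernumber = defined($user) ? getborrowernumber($user) : undef;` and to skip the member lookup and the `@bordat` setup when there is no borrower. `defined` also accepts an empty string, so `$user = ''` still reaches `getborrowernumber`; `if ( defined $user and length $user )` would be stricter. get_template_and_user starts and ends outside the hunk.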
diff --git a/C4/VirtualShelves.pm b/C4/VirtualShelves.pm
index b8a5a83..1d0e4ab 100644
--- a/C4/VirtualShelves.pm
+++ b/C4/VirtualShelves.pm
@@ -473,6 +473,7 @@ sub ShelfPossibleAction {
     $sth->execute($shelfnumber);
     my ( $owner, $category ) = $sth->fetchrow;
 	my $borrower = GetMemberDetails($user);
+	return 0 if not defined($user);
 	return 1 if ( $category >= 3);							# open list
     return 1 if (($category >= 2) and
 				defined($action) and $action eq 'view');	# public list, anybody can view
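Review bot: The new guard `return 0 if not defined($user);` sits after `GetMemberDetails($user)`, so the lookup still runs with an undefined argument, and it rejects only undef. A `$user` of 0 or '' passes, and 0 is presumably the borrowernumber the commit message describes as having all permissions; moving the guard above the lookup as `return 0 unless $user;` would cover those values too. The guard also precedes the "open list" and "public list, anybody can view" returns, so anonymous visitors lose view access to those lists; if that is not intended, it belongs after those two checks instead. ShelfPossibleAction starts and ends outside the hunk.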
-- 
1.6.3.3



