use C4::Context;
use C4::Auth qw/check_cookie_auth haspermission/;
-use Koha::Upload;
+use Koha::Uploader;
# upload-file.pl must authenticate the user
# before processing the POST request,
# requires that the session cookie already
# has been created.
-my $flags_required = [
- {circulate => 'circulate_remaining_permissions'},
- {tools => 'stage_marc_import'},
- {tools => 'upload_local_cover_images'}
-];
-
my %cookies = CGI::Cookie->fetch;
my $sid = $cookies{'CGISESSID'}->value;
-
-my $auth_failure = 1;
my ( $auth_status, $sessionID ) = check_cookie_auth( $sid );
my $uid = C4::Auth::get_session($sid)->param('id');
-foreach my $flag_required ( @{$flags_required} ) {
- if ( my $flags = haspermission( $uid, $flag_required ) ) {
- $auth_failure = 0 if $auth_status eq 'ok';
- }
-}
+my $allowed = Koha::Uploader->allows_add_by( $uid );
-if ($auth_failure) {
+if( $auth_status ne 'ok' || !$allowed ) {
send_reply( 'denied' );
exit 0;
}
-my $upload = Koha::Upload->new( upload_pars($ENV{QUERY_STRING}) );
+my $upload = Koha::Uploader->new( upload_pars($ENV{QUERY_STRING}) );
if( !$upload || !$upload->cgi || !$upload->count ) {
# not one upload succeeded
send_reply( 'failed', undef, $upload? $upload->err: undef );
});
}
-sub upload_pars {
+sub upload_pars { # this sub parses QUERY_STRING in order to build the
+ # parameter hash for Koha::Uploader
my ( $qstr ) = @_;
$qstr = Encode::decode_utf8( uri_unescape( $qstr ) );
# category could include a utf8 character
projects / koha.git / blobdiff