X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=3f1c9dd2c5e8822f85712821cad458bbe3a7374c;hb=24f25369a58d4a2bc2adf92853feeed4337e013e;hp=3a24f29cae38cb838d4e4b9aa549cb148fbeaa35;hpb=9bf68c8c3e89bddb23662c9fbd03b7a7514c9955;p=koha.git
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 3a24f29cae..3f1c9dd2c5 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -179,40 +179,42 @@ sub get_template_and_user { ); } + if ( $in->{type} eq 'opac' ) { + my $kick_out; - # If the user logged in is the SCO user and they try to go out of the SCO module, log the user out removing the CGISESSID cookie - if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sco/| ) { - if ( $user && C4::Context->preference('AutoSelfCheckID') && $user eq C4::Context->preference('AutoSelfCheckID') ) { - $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} ); - my $cookie = $in->{query}->cookie( - -name => 'CGISESSID', - -value => '', - -expires => '', - -HttpOnly => 1, - ); - - $template->param( - loginprompt => 1, - script_name => get_script_name(), - ); - print $in->{query}->header( - { type => 'text/html', - charset => 'utf-8', - cookie => $cookie, - 'X-Frame-Options' => 'SAMEORIGIN' - } - ), - $template->output; - safe_exit; + if ( +# If the user logged in is the SCO user and they try to go out of the SCO module, +# log the user out removing the CGISESSID cookie + $in->{template_name} !~ m|sco/| + && $user + && C4::Context->preference('AutoSelfCheckID') + && $user eq C4::Context->preference('AutoSelfCheckID') + ) + { + $kick_out = 1; + } + elsif ( +# If the user logged in is the SCI user and they try to go out of the SCI module, +# kick them out unless it is SCO with a valid permission +# or they are a superlibrarian + $in->{template_name} !~ m|sci/| + && $user + && haspermission( $user, { self_check => 'self_checkin_module' } ) + && !( + $in->{template_name} =~ m|sco/| && haspermission( + $user, { self_check => 'self_checkout_module' } + ) + ) + && $flags && $flags->{superlibrarian} != 1 + ) + { + $kick_out = 1; } - } - # If the user logged in is the SCI user and they try to go out of the SCI module, - # log the user out removing the CGISESSID cookie - if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sci/| ) { - if ( $user && C4::Context->preference('AutoSelfCheckID') && $user eq 
C4::Context->preference('AutoSelfCheckID') ) { - $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} ); - my $cookie = $in->{query}->cookie( + if ($kick_out) { + $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', + $in->{query} ); + $cookie = $in->{query}->cookie( -name => 'CGISESSID', -value => '', -expires => '', @@ -223,14 +225,16 @@ sub get_template_and_user { loginprompt => 1, script_name => get_script_name(), ); + print $in->{query}->header( - { type => 'text/html', + { + type => 'text/html', charset => 'utf-8', cookie => $cookie, 'X-Frame-Options' => 'SAMEORIGIN' } ), - $template->output; + $template->output; safe_exit; } } @@ -499,8 +503,7 @@ sub get_template_and_user { EnableBorrowerFiles => C4::Context->preference('EnableBorrowerFiles'), UseKohaPlugins => C4::Context->preference('UseKohaPlugins'), UseCourseReserves => C4::Context->preference("UseCourseReserves"), - useDischarge => C4::Context->preference('useDischarge'), - KOHA_VERSION => C4::Context->preference('Version'), + useDischarge => C4::Context->preference('useDischarge') ); } else { @@ -574,7 +577,6 @@ sub get_template_and_user { OpacTopissue => C4::Context->preference("OpacTopissue"), RequestOnOpac => C4::Context->preference("RequestOnOpac"), 'Version' => C4::Context->preference('Version'), - KOHA_VERSION => C4::Context->preference('Version'), hidelostitems => C4::Context->preference("hidelostitems"), mylibraryfirst => ( C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv ) ? C4::Context->userenv->{'branch'} : '', opaclayoutstylesheet => "" . C4::Context->preference("opaclayoutstylesheet"), 
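Review bot: In the first hunk's `elsif` (the SCI branch of get_template_and_user), the final clause `&& $flags && $flags->{superlibrarian} != 1` fails open: whenever `$flags` is false or undefined the whole condition is false and `$kick_out` is never set, so an account holding only `self_checkin_module` would not be confined to `sci/`. Whether `$flags` can be empty at this point is not visible in the hunk, but the comment exempts only superlibrarians, so I would write the clause as `&& !( $flags && $flags->{superlibrarian} )`, which also avoids an uninitialized-value warning from the numeric comparison when the key is absent. Separately, `m|sci/|` and `m|sco/|` are unanchored, so any template name that merely contains those substrings is treated as being inside the module; anchoring them to the directory component would make the boundary explicit. The function body starts and continues outside the hunk, so how `$flags` and `$cookie` are declared should be checked there.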
@@ -1290,8 +1292,7 @@ sub checkauth { PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, - too_many_login_attempts => ( $patron and $patron->account_locked ), - KOHA_VERSION => C4::Context->preference('Version'), + too_many_login_attempts => ( $patron and $patron->account_locked ) ); $template->param( SCO_login => 1 ) if ( $query->param('sco_user_login') );