X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=catalogue%2Fgetitem-ajax.pl;h=fd69a74322336f67d7a4817449d27afee5e043f0;hb=d6651ab9490d710d62dfe87d63d70e9ffcbdb040;hp=d05a8220f0b273d6276c894397984ecad67a815e;hpb=a6c9bd0eb55c32d5632625144775271f20aa15f7;p=koha.git

diff --git a/catalogue/getitem-ajax.pl b/catalogue/getitem-ajax.pl
index d05a8220f0..fd69a74322 100755
--- a/catalogue/getitem-ajax.pl
+++ b/catalogue/getitem-ajax.pl
@@ -21,6 +21,7 @@ use Modern::Perl;
 use CGI qw ( -utf8 );
 use JSON;
 
+use C4::Auth;
 use C4::Biblio;
 use C4::Branch;
 use C4::Items;
@@ -28,6 +29,14 @@ use C4::Koha;
 use C4::Output;
 
 my $cgi = new CGI;
+
+my ( $status, $cookie, $sessionID ) = C4::Auth::check_api_auth( $cgi, { acquisition => 'order_receive' } );
+unless ($status eq "ok") {
+    print $cgi->header(-type => 'application/json', -status => '403 Forbidden');
+    print to_json({ auth_status => $status });
+    exit 0;
+}
+
 my $item = {};
 my $itemnumber = $cgi->param('itemnumber');