Bug 6322 - It's possible to view lists/virtualshelves even when virtualshelves is off
authorOwen Leonard <oleonard@myacpl.org>
Wed, 23 Apr 2014 16:59:25 +0000 (12:59 -0400)
committerBrendan A Gallagher <brendan@bywatersolutions.com>
Wed, 27 Jan 2016 02:31:42 +0000 (02:31 +0000)
If the user knows the URL for OPAC lists they can access them even with
the virtualshelves preference turned off. This patch copies the solution
added to opac-topissues.pl by Bug 10595 and applies it to OPAC lists
pages.

To test, apply the patch and set the virtualshelves system preference to
"don't allow."

- Navigate to /cgi-bin/koha/opac-shelves.pl. You should be redirected to
  an Error 404 page.
- Also check:
  - /cgi-bin/koha/opac-shareshelf.pl.
  - /cgi-bin/koha/opac-downloadshelf.pl
  - /cgi-bin/koha/opac-sendshelf.pl
  - /cgi-bin/koha/opac-addbybiblionumber.pl
- Turn virtualshelves back on. Access to lists and list sharing should
  be restored.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
opac/opac-addbybiblionumber.pl
opac/opac-downloadshelf.pl
opac/opac-sendshelf.pl
opac/opac-shareshelf.pl
opac/opac-shelves.pl

index b8ad330..eec38bd 100755 (executable)
@@ -40,6 +40,11 @@ our $authorized          = 1;
 our $errcode           = 0;
 our @biblios;
 
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
 
 if (scalar(@biblionumber) == 1) {
     @biblionumber = (split /\//,$biblionumber[0]);
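Review bot: The virtualshelves guard added at the top of this hunk is pasted verbatim into all five scripts (also opac-downloadshelf.pl, opac-sendshelf.pl, opac-shareshelf.pl and opac-shelves.pl), so the preference is enforced only where the block was copied; any list-related entry point outside these five would presumably still answer by URL with the preference off. A single shared routine called first thing in each script would make the gate auditable in one place. Until then the comment should record the duplication, e.g. `# if virtualshelves is disabled, leave immediately (same guard in the other OPAC list scripts; keep in sync)`. `$query->redirect` without a status argument sends a 302, so requests to the disabled URLs appear in access logs as redirects to errors/404.pl rather than as 404s. The guard depends on `$query`, which is declared above the hunk.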
index 94bdae1..6102082 100755 (executable)
@@ -36,6 +36,12 @@ use Koha::Virtualshelves;
 use utf8;
 my $query = new CGI;
 
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
     {
         template_name   => "opac-downloadshelf.tt",
index 8d39c93..d4d31d8 100755 (executable)
@@ -37,6 +37,12 @@ use Koha::Virtualshelves;
 
 my $query = new CGI;
 
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
     {
         template_name   => "opac-sendshelfform.tt",
index 7bc07ee..2c788ce 100755 (executable)
@@ -36,6 +36,14 @@ use C4::Output;
 use Koha::Virtualshelves;
 use Koha::Virtualshelfshares;
 
+
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    my $query = new CGI;
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 #-------------------------------------------------------------------------------
 
 my $pvar = _init( {} );
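Review bot: The guard in this file builds its own CGI object with indirect object syntax (`new CGI`), which the Perl parser can misread when a sub named `new` is in scope; `my $query = CGI->new;` is unambiguous. The object is used for one call only, so `print CGI->new->redirect("/cgi-bin/koha/errors/404.pl");` would do without the temporary. The hunk also adds a second blank line ahead of the comment. How `_init` obtains the request object is not visible here, as the script continues outside the hunk.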
index 067eb10..8b66274 100755 (executable)
@@ -33,6 +33,12 @@ my $query = new CGI;
 
 my $template_name = $query->param('rss') ? "opac-shelves-rss.tt" : "opac-shelves.tt";
 
+# if virtualshelves is disabled, leave immediately
+if ( ! C4::Context->preference('virtualshelves') ) {
+    print $query->redirect("/cgi-bin/koha/errors/404.pl");
+    exit;
+}
+
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user({
         template_name   => $template_name,
         query           => $query,
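Review bot: The guard here sits below the `$template_name` assignment, so a request parameter (`rss`) is already read before the feature gate runs. That is harmless with the current one-line lookup, but in the other scripts the gate precedes any request-driven work, and keeping that order makes it easy to verify. Moving the five added lines directly under `my $query = new CGI;` and commenting them as `# feature gate first: nothing below runs when virtualshelves is off` would make the intent explicit. Clients requesting the RSS variant will also be redirected to the HTML error page, which is worth confirming as intended.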