Bug 20877: Do not consider DB user has permissions

Test plan:
0/ Do not apply the patch
1/ Confirm the new test fails
2/ Apply the patch
3/ Confirm the new test passes
4/ Test the installation process

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 60c8c87..10929d8 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -2030,11 +2030,6 @@ sub haspermission {
     $sth->execute($userid);
     my $row = $sth->fetchrow();
     my $flags = getuserflags( $row, $userid );
-    if ( $userid eq C4::Context->config('user') ) {
-
-        # Super User Account from /etc/koha.conf
-        $flags->{'superlibrarian'} = 1;
-    }
 
     return $flags if $flags->{superlibrarian};
 

diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t
index 5b7ce18..c8fb1f1 100644 (file)
--- a/t/db_dependent/Auth.t
+++ b/t/db_dependent/Auth.t
@@ -37,7 +37,7 @@ $schema->storage->txn_begin;
 
 subtest 'checkauth() tests' => sub {
 
-    plan tests => 2;
+    plan tests => 3;
 
     my $patron = $builder->build({ source => 'Borrower', value => { flags => undef } })->{userid};
 
@@ -63,6 +63,12 @@ subtest 'checkauth() tests' => sub {
         });
     ( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, $authnotrequired );
     is ( $userid, undef, 'If DB user is used, it should not be logged in' );
+
+    my $is_allowed = C4::Auth::haspermission( $db_user_id, { can_do => 'everything' } );
+
+    # FIXME This belongs to t/db_dependent/Auth/haspermission.t but we do not want to c/p the pervious mock statements
+    ok( !$is_allowed, 'DB user should not have any permissions');
+
     C4::Context->_new_userenv; # For next tests
 
 };