Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Confirmed private lists can be accessed directly before patch is
applied. After applying patch, I can no longer access the list
via the same url.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
$sth->execute($user, $shelfnumber);
my $shelf= $sth->fetchrow_hashref;
- return 0 unless $shelf && ($shelf->{category}==2 || $shelf->{owner}==$user || $shelf->{borrowernumber}==$user);
+ return 0 unless $shelf && ($shelf->{category}==2 || $shelf->{owner}==$user || ($user && $shelf->{borrowernumber}==$user));
if($action eq 'view') {
#already handled in the above condition
return 1;