Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue

To test:
 1 - Setup a staff patron with permissions:
   - catalogue
   - reserveforothers
   - course_reserves
 2 - Log in to staff client as that patron
 3 - Find a record and click to place a hold
 4 - Type more than three letters into the search bar but don't submit
 5 - Note that you will not receive autocomplete results
 6 - Either submit, or try to visit any page in staff client
 7 - Your session has been expired, you must log in again
 8 - Log in, go to course reserves
 9 - As before, trigger the autocomplete search in the instrcutor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/circ/ysearch.pl b/circ/ysearch.pl
index 7a75c80..b9e75d0 100755 (executable)
--- a/circ/ysearch.pl
+++ b/circ/ysearch.pl
@@ -39,7 +39,7 @@ my $query = $input->param('term');
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
 
-my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { circulate => '*' } );
+my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } );
 if ( $auth_status ne "ok" ) {
     exit 0;
 }