From 421746dd6337814f96adc6d79a773a2a23f50556 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 4 Jun 2018 15:45:22 -0300 Subject: [PATCH] Bug 20877: Do not consider DB user has permissions Test plan: 0/ Do not apply the patch 1/ Confirm the new test fails 2/ Apply the patch 3/ Confirm the new test passes 4/ Test the installation process Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens --- C4/Auth.pm | 5 ----- t/db_dependent/Auth.t | 8 +++++++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 60c8c87911..10929d887f 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -2030,11 +2030,6 @@ sub haspermission { $sth->execute($userid); my $row = $sth->fetchrow(); my $flags = getuserflags( $row, $userid ); - if ( $userid eq C4::Context->config('user') ) { - - # Super User Account from /etc/koha.conf - $flags->{'superlibrarian'} = 1; - } return $flags if $flags->{superlibrarian}; diff --git a/t/db_dependent/Auth.t b/t/db_dependent/Auth.t index 5b7ce1888a..c8fb1f186b 100644 --- a/t/db_dependent/Auth.t +++ b/t/db_dependent/Auth.t @@ -37,7 +37,7 @@ $schema->storage->txn_begin; subtest 'checkauth() tests' => sub { - plan tests => 2; + plan tests => 3; my $patron = $builder->build({ source => 'Borrower', value => { flags => undef } })->{userid}; @@ -63,6 +63,12 @@ subtest 'checkauth() tests' => sub { }); ( $userid, $cookie, $sessionID, $flags ) = C4::Auth::checkauth( $cgi, $authnotrequired ); is ( $userid, undef, 'If DB user is used, it should not be logged in' ); + + my $is_allowed = C4::Auth::haspermission( $db_user_id, { can_do => 'everything' } ); + + # FIXME This belongs to t/db_dependent/Auth/haspermission.t but we do not want to c/p the pervious mock statements + ok( !$is_allowed, 'DB user should not have any permissions'); + C4::Context->_new_userenv; # For next tests }; -- 2.20.1