This patch removes 'insecure' system preference.
Also removes remaining code that make use of
the preference. It's broken anyway.
Only remains a reference in POD of C4/Boolean.pm
To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.
2) Apply the patch
3) Run updatedatabase.pl
4) Check that Staff login proceeds as usual.
5) Check that 'insecure' syspref is no more.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
}
my $borrowernumber;
- my $insecure = C4::Context->preference('insecure');
- if ($user or $insecure) {
+ if ($user) {
require C4::Members;
# It's possible for $user to be the borrowernumber if they don't have a
# userid defined (and are logging in through some other method, such
# We are going to use the $flags returned by checkauth
# to create the template's parameters that will indicate
# which menus the user can access.
- if (( $flags && $flags->{superlibrarian}==1) or $insecure==1) {
+ if ( $flags && $flags->{superlibrarian}==1 ) {
$template->param( CAN_user_circulate => 1 );
$template->param( CAN_user_catalogue => 1 );
$template->param( CAN_user_parameters => 1 );
$template->param( CAN_user_reserveforothers => 1 );
$template->param( CAN_user_borrow => 1 );
$template->param( CAN_user_editcatalogue => 1 );
- $template->param( CAN_user_updatecharges => 1 );
+ $template->param( CAN_user_updatecharges => 1 );
$template->param( CAN_user_acquisition => 1 );
$template->param( CAN_user_management => 1 );
$template->param( CAN_user_tools => 1 );
GoogleJackets => C4::Context->preference("GoogleJackets"),
OpenLibraryCovers => C4::Context->preference("OpenLibraryCovers"),
KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"),
- LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"),
+ LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:undef),
LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"),
LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu",
emailaddress => C4::Context->userenv?C4::Context->userenv->{"emailaddress"}:undef,
IntranetNav => C4::Context->preference("IntranetNav"),
IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"),
LibraryName => C4::Context->preference("LibraryName"),
- LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"),
+ LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:undef),
advancedMARCEditor => C4::Context->preference("advancedMARCEditor"),
canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'),
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
$session->param('sessiontype','anon');
}
} # END unless ($userid)
- my $insecure = C4::Context->boolean_preference('insecure');
# finished authentification, now respond
- if ( $loggedin || $authnotrequired || ( defined($insecure) && $insecure ) )
+ if ( $loggedin || $authnotrequired )
{
# successful login
unless ($cookie) {
=item true_p
- if ( C4::Boolean::true_p(C4::Context->preference("insecure")) ) {
+ if ( C4::Boolean::true_p(C4::Context->preference("IndependantBranches")) ) {
...
}
#'
sub userenv {
my $var = $context->{"activeuser"};
- return $context->{"userenv"}->{$var} if (defined $var and defined $context->{"userenv"}->{$var});
- # insecure=1 management
- if ($context->{"dbh"} && $context->preference('insecure') eq 'yes') {
- my %insecure;
- $insecure{flags} = '16382';
- $insecure{branchname} ='Insecure';
- $insecure{number} ='0';
- $insecure{cardnumber} ='0';
- $insecure{id} = 'insecure';
- $insecure{branch} = 'INS';
- $insecure{emailaddress} = 'test@mode.insecure.com';
- return \%insecure;
+ if (defined $var and defined $context->{"userenv"}->{$var}) {
+ return $context->{"userenv"}->{$var};
} else {
return;
}
if ( C4::Context->preference("IndependantBranches") ) { # && !$showallbranches){
if ( my $userenv = C4::Context->userenv ) {
my $branch = $userenv->{'branch'};
- if ( ($userenv->{flags} % 2 !=1) &&
- $branch && $branch ne "insecure" ){
-
+ if ( ($userenv->{flags} % 2 !=1) && $branch ){
if (my $fr = ref $filter) {
if ( $fr eq "HASH" ) {
$filter->{branchcode} = $branch;
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('hide_marc',0,'If ON, disables display of MARC fields, subfield codes & indicators (still shows data)',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('WaitingNotifyAtCheckin',0,'If ON, notify librarians of waiting holds for the patron whose items they are checking in.',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('IndependantBranches',0,'If ON, increases security between libraries',NULL,'YesNo');
-INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('insecure',0,'If ON, bypasses all authentication. Be careful!',NULL,'YesNo');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('IntranetBiblioDefaultView','normal','Choose the default detail view in the staff interface; choose between normal, labeled_marc, marc or isbd','normal|marc|isbd|labeled_marc','Choice');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('intranetcolorstylesheet','','Define the color stylesheet to use in the Staff Client','50','free');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('IntranetmainUserblock','','Add a block of HTML that will display on the intranet home page','70|10','Textarea');
SetVersion($DBversion);
}
+$DBversion = "3.11.00.XXX";
+if ( CheckVersion($DBversion) ) {
+ $dbh->do("DELETE FROM systempreferences WHERE variable = 'insecure';");
+ print "Upgrade to $DBversion done (Bug 9827 - Remove 'insecure' system preference)\n";
+ SetVersion($DBversion);
+}
+
=head1 FUNCTIONS
=head2 TableExists($table)
no: "Don't allow"
- staff and patrons to create and view saved lists of books.
Login options:
- -
- - pref: insecure
- default: 0
- choices:
- yes: Allow
- no: "Don't allow"
- - staff to access the staff client without logging in. Enabling this is dangerous, and should not be done in production environments.
-
- Automatically log out users after
- pref: timeout
if (C4::Context->preference("IndependantBranches")){
if (C4::Context->userenv && C4::Context->userenv->{flags} % 2 !=1 && C4::Context->userenv->{'branch'}){
- $$patron{branchcode}=C4::Context->userenv->{'branch'} unless (C4::Context->userenv->{'branch'} eq "insecure");
+ $$patron{branchcode}=C4::Context->userenv->{'branch'};
}
}
$$patron{firstname}.="\%" if ($$patron{firstname});
=head1 SYNOPSIS
- POST /svc/config/systempreferences/insecure
POST /svc/config/systempreferences/
=head1 DESCRIPTION
return '490av';
} else {
warn "The syspref $pref was requested but I don't know what to say; this indicates that the test requires updating"
- unless $pref =~ m/(XSLT|item|branch|holding|image|insecure)/i;
+ unless $pref =~ m/(XSLT|item|branch|holding|image)/i;
return 0;
}
});