https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694
Benjamin Rokseth <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #54920|0 |1 is obsolete| | --- Comment #2 from Benjamin Rokseth <[email protected]> --- Created attachment 56068 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56068&action=edit Bug 16694 - Limit SIP2 auth by patron attribute The main use case of this bug is to use patron attributes to grant special privileges, e.g. to open a door to an unmanned library. This patch adds an extra check against patron attributes if login account in SIPconfig.xml has a key validate_patron_attribute set to some patron attribute. If a patron information request is sent (63), and patron has proper rights in the given attribute: (a value of 1/true or some authorised value mapping to 1) The user will be allowed access (in SIP: charge and/or renewal ok). Otherwise denied. Please note that this is specific to the SIP login account, so self checkout machines can be handled differently than e.g. a door card terminal. To test: 0) you need to debug using telnet or the koha provided sip_client 1) add validate_patron_attribute="testattribute" to some login account in SIPconfig.xml 2) add a patron attribute "testattribute" 3) edit some patron and set "testattribute" to "1" 4) do a sip login with the given login account from SIPconfig.xml 5) do a patron information request (63) on the patron 6) observe that no charge or renewal denied is given in the response (64 ) 7) try all or any of the following: - set patron attribute to anything but "1" - delete the patron attribute - map the patron attribute to an authorized list, e.g. (YES_NO) and set it to a value that doesn't map to "1", e.g. "No". 8) do a patron information request (63) again 9) observe that charge and renewal is now denied in the SIP response (64YY) 10) thank yourself if noone else does and grab a coffee -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
