https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth <benjamin.roks...@kul.oslo.kommune.no> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #66847|0                           |1
        is obsolete|                            |

--- Comment #14 from Benjamin Rokseth <benjamin.roks...@kul.oslo.kommune.no> ---
Created attachment 66848
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66848&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in
SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in
the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok). Otherwise
denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
   SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it
     to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee

Signed-off-by: Magnus Enger <mag...@libriotech.no>

Took me a while to remember I was on a gitified setup and needed to do
  sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly.

Works as expected. I have a Swedish customer running a similar hack in
production, so looking forward to getting this into Koha proper.
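
Added example (not part of the bug comment or of the Koha patch): a small checker for steps 6 and 9 of the test plan that reads the 14-character patron status field of a SIP2 Patron Information Response (64) and fails closed on malformed input. The function names, the sample messages and the rule that access requires neither charge nor renewal to be denied are assumptions made for illustration.

```python
# Added example: all names and sample messages are constructed, not Koha code.
PATRON_STATUS_FLAGS = (
    "charge_privileges_denied",
    "renewal_privileges_denied",
    "recall_privileges_denied",
    "hold_privileges_denied",
    "card_reported_lost",
    "too_many_items_charged",
    "too_many_items_overdue",
    "too_many_renewals",
    "too_many_claims_of_items_returned",
    "too_many_items_lost",
    "excessive_outstanding_fines",
    "excessive_outstanding_fees",
    "recall_overdue",
    "too_many_items_billed",
)


def parse_patron_status(message: str) -> dict:
    """Return the 14 patron status flags ('Y' = set) from a SIP2 64 response."""
    msg = message.rstrip("\r\n")  # strip the line terminator, keep padding spaces
    if not msg.startswith("64"):
        raise ValueError("not a Patron Information Response (64)")
    status = msg[2:16]
    if len(status) != 14 or any(c not in "Y " for c in status):
        raise ValueError("malformed patron status field")
    return {name: c == "Y" for name, c in zip(PATRON_STATUS_FLAGS, status)}


def access_granted(message: str) -> bool:
    """Assumed policy: grant only if neither charge nor renewal is denied."""
    try:
        flags = parse_patron_status(message)
    except ValueError:
        return False  # fail closed: an unparseable response never opens the door
    return not (flags["charge_privileges_denied"] or flags["renewal_privileges_denied"])


# Constructed samples: language, transaction date, six 4-digit counts, then fields.
_HEADER_REST = "001" + "20170905    120000" + "0000" * 6
_FIELDS = "AOLIB|AA12345|AEJane Doe|BLY|"
ALLOWED = "64" + " " * 14 + _HEADER_REST + _FIELDS + "\r"
DENIED = "64" + "YY" + " " * 12 + _HEADER_REST + _FIELDS + "\r"
```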