https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37041
--- Comment #31 from Marcel de Rooy <[email protected]> --- (In reply to Jonathan Druart from comment #30) > (In reply to Jonathan Druart from comment #29) > > is_auth would just need to get the patron's id from userenv, if exists it > > means that the user is authenticated already. > > Wait, isn't that true already actually? > > Cannot we simply replace the check_cookie_auth call with > C4::Auth::haspermission(C4::Context->userenv->{id}, {catalogue => 1}) > here? No, if this is a direct call to a value builder, the answer should be 403 (or 400) in any case. Not depending on login or permissions. This is what check_value_builder_caller implements too. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
