From 02feeca14f4c27a05f46920545734c3a9e5455d7 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 2 Sep 2015 17:13:41 +0100 Subject: [PATCH] Bug 10799: Limit the SCO user to the SCO module MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The SCO user should only be allowed to access to the SCO module. This patch make the session ends if the user tries to access another page after the SCO module. Test plan: 0/ Configure the SCO module correctly 1/ Go on the sco main page (sco/sco-main.pl) 2/ Try to go somewhere else: you should not be logged in Signed-off-by: Marc VĂ©ron Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi --- C4/Auth.pm | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index d18ad299b5..b8ee9a56c1 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -178,6 +178,29 @@ sub get_template_and_user { ); } + + # If the user logged in is the SCO user and he tries to go out the SCO module, log the user out removing the CGISESSID cookie + if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sco/| ) { + if ( C4::Context->preference('AutoSelfCheckID') && $user eq C4::Context->preference('AutoSelfCheckID') ) { + $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} ); + my $cookie = $in->{query}->cookie( + -name => 'CGISESSID', + -value => '', + -expires => '', + -HttpOnly => 1, + ); + + $template->param( loginprompt => 1 ); + print $in->{query}->header( + -type => 'text/html', + -charset => 'utf-8', + -cookie => $cookie, + ), + $template->output; + safe_exit; + } + } + my $borrowernumber; if ($user) { require C4::Members; -- 2.11.4.GIT