Bug 11715: require authentication for various staff scripts

To test:

[1] Verify that item record creating and editing during the
    acquisitions process continues to work.
[2] Verify that calling  services/itemrecorddisplay.pl without
    a valid user session fails.
[3] Verify that authentication is required for making a new
    order from a suggestion, transferring an order, doing a
    Z39.50 search from acquisitions, displaying the record
    card view in the staff interface, and running the till
    reconciliation report (/cgi-bin/koha/reports/stats.screen.pl)

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Verified all changed scripts are not accessible witout a valid
user session, but are with one.

diff --git a/acqui/newordersuggestion.pl b/acqui/newordersuggestion.pl
index efc634b..c807938 100755 (executable)
--- a/acqui/newordersuggestion.pl
+++ b/acqui/newordersuggestion.pl
@@ -119,7 +119,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
         template_name   => "acqui/newordersuggestion.tmpl",
         type            => "intranet",
         query           => $input,
-        authnotrequired => 1,
         flagsrequired   => { acquisition => 'order_manage' },
     }
 );

diff --git a/acqui/z3950_search.pl b/acqui/z3950_search.pl
index 0ae843f..1bc6992 100755 (executable)
--- a/acqui/z3950_search.pl
+++ b/acqui/z3950_search.pl
@@ -70,7 +70,6 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         template_name   => "acqui/z3950_search.tmpl",
         query           => $input,
         type            => "intranet",
-        authnotrequired => 1,
         flagsrequired   => { acquisition => 'order_manage' },
     }
 );

diff --git a/reports/stats.screen.pl b/reports/stats.screen.pl
index 16b8f8a..301cdd4 100755 (executable)
--- a/reports/stats.screen.pl
+++ b/reports/stats.screen.pl
@@ -39,9 +39,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         template_name   => "reports/stats_screen.tmpl",
         query           => $input,
         type            => "intranet",
-        authnotrequired => 1,
         flagsrequired   => { reports => '*' },
-        debug           => 1,
     }
 );
 

diff --git a/serials/serial-issues.pl b/serials/serial-issues.pl
index b57baa1..14ce33b 100755 (executable)
--- a/serials/serial-issues.pl
+++ b/serials/serial-issues.pl
@@ -70,9 +70,7 @@ if ($selectview eq "full"){
      = get_template_and_user({template_name => "serials/serial-issues-full.tmpl",
      query => $query,
      type => "intranet",
-     authnotrequired => 0,
         flagsrequired => {serials => '*'},
-     debug => 1,
      });
 
  # replace CR by <br> in librarian note
@@ -94,8 +92,7 @@ if ($selectview eq "full"){
     = get_template_and_user({template_name => "serials/serial-issues.tmpl",
         query => $query,
         type => "intranet",
-        authnotrequired => 1,
-        debug => 1,
+           flagsrequired => {serials => '*'},
      });
 
  # replace CR by <br> in librarian note

diff --git a/services/itemrecorddisplay.pl b/services/itemrecorddisplay.pl
index cd5fb32..b2a0a29 100755 (executable)
--- a/services/itemrecorddisplay.pl
+++ b/services/itemrecorddisplay.pl
@@ -40,7 +40,7 @@ my ($template, $loggedinuser, $cookie, $flags) = get_template_and_user( {
     template_name   => 'services/itemrecorddisplay.tmpl',
     query           => $input,
     type            => 'intranet',
-    authnotrequired => 1,
+    flagsrequired   => {acquisition => '*'},
 } );
 
 my $biblionumber = $input->param('biblionumber') || '';