Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects acqui/updatesupplier.pl
Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
use CGI;
my $input=new CGI;
-my ($template, $loggedinuser, $cookie) = get_template_and_user(
- { template_name => "",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => { acquisition => 'vendors_manage' },
- debug => 1,
- }
-);
+
+checkauth( $input, 0, { acquisition => 'vendors_manage' }, 'intranet' );
#print $input->header();
my $booksellerid=$input->param('booksellerid');