Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects acqui/updatesupplier.pl

Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>

diff --git a/acqui/updatesupplier.pl b/acqui/updatesupplier.pl
index 7b3bf9d..ec13480 100755 (executable)
--- a/acqui/updatesupplier.pl
+++ b/acqui/updatesupplier.pl
@@ -55,15 +55,8 @@ use C4::Output;
 use CGI;
 
 my $input=new CGI;
-my ($template, $loggedinuser, $cookie) = get_template_and_user(
-       {   template_name   => "",
-               query           => $input,
-               type            => "intranet",
-               authnotrequired => 0,
-               flagsrequired   => { acquisition => 'vendors_manage' },
-               debug           => 1,
-       }
-);
+
+checkauth( $input, 0, { acquisition => 'vendors_manage' }, 'intranet' );
 
 #print $input->header();
 my $booksellerid=$input->param('booksellerid');