[open-ils-commits] r11656 - trunk/Open-ILS/src/perlmods/OpenILS/Application

[svn at svn.open-ils.org]

Author: phasefx
Date: 2008-12-22 16:04:52 -0500 (Mon, 22 Dec 2008)
New Revision: 11656

Modified:
   trunk/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
Log:
if both username and barcode are provided, make sure they refer to the same user

Modified: trunk/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm	2008-12-22 20:37:36 UTC (rev 11655)
+++ trunk/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm	2008-12-22 21:04:52 UTC (rev 11656)
@@ -2989,14 +2989,21 @@
     my $e = new_editor(authtoken => $auth);
 	return $e->die_event unless $e->checkauth;
     my $user;
+    my $user_by_barcode;
+    my $user_by_username;
     if($barcode) {
         my $card = $e->search_actor_card([
             {barcode => $barcode},
             {flesh => 1, flesh_fields => {ac => ['usr']}}])->[0] or return 0;
-        $user = $card->usr;
-    } else {
-        $user = $e->search_actor_user({usrname => $username})->[0] or return 0;
+        $user_by_barcode = $card->usr;
+        $user = $user_by_barcode;
     }
+    if ($username) {
+        $user_by_username = $e->search_actor_user({usrname => $username})->[0] or return 0;
+        $user = $user_by_username;
+    }
+    return 0 if (!$user);
+    return 0 if ($user_by_username && $user_by_barcode && $user_by_username->id != $user_by_barcode->id); 
     return $e->event unless $e->allowed('VIEW_USER', $user->home_ou);
     return 1 if $user->passwd eq $password;
     return 0;