Bug 26734: Ratify account slip printing

[koha-ffzg.git] / members / apikeys.pl

diff --git a/members/apikeys.pl b/members/apikeys.pl
index 7354fce..fb9051d 100755 (executable)
--- a/members/apikeys.pl
+++ b/members/apikeys.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
 
 # This file is part of Koha.
 #
@@ -28,14 +28,13 @@ use Koha::ApiKeys;
 use Koha::Patrons;
 use Koha::Token;
 
-my $cgi = new CGI;
+my $cgi = CGI->new;
 
 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
     {   template_name   => 'members/apikeys.tt',
         query           => $cgi,
         type            => 'intranet',
-        authnotrequired => 0,
-        flagsrequired   => { borrowers => 1 },
+        flagsrequired   => { borrowers => 'edit_borrowers' },
     }
 );
 
@@ -45,7 +44,8 @@ my $api_key   = $cgi->param('key')       // '';
 
 $patron = Koha::Patrons->find($patron_id) if $patron_id;
 
-if ( not defined $patron ) {
+if ( not defined $patron or
+     not C4::Context->preference('RESTOAuth2ClientCredentials') ) {
 
     # patron_id invalid -> exit
     print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
@@ -59,11 +59,11 @@ if ( $op eq 'generate' or
      $op eq 'revoke' or
      $op eq 'activate' ) {
 
-    die "Wrong CSRF token"
-    unless Koha::Token->new->check_csrf({
-        session_id => scalar $cgi->cookie('CGISESSID'),
-        token      => scalar $cgi->param('csrf_token'),
-    });
+    output_and_exit( $cgi, $cookie, $template, 'wrong_csrf_token' )
+        unless Koha::Token->new->check_csrf({
+            session_id => scalar $cgi->cookie('CGISESSID'),
+            token      => scalar $cgi->param('csrf_token'),
+        });
 }
 
 if ($op) {