Bug 31086: Update existing unit tests

[srvgit] / members / patronimage.pl

diff --git a/members/patronimage.pl b/members/patronimage.pl
index 42a82b9..e5b2b23 100755 (executable)
--- a/members/patronimage.pl
+++ b/members/patronimage.pl
@@ -25,12 +25,10 @@ use Modern::Perl;
 use CGI qw ( -utf8 );
 use C4::Auth qw( check_api_auth );
 use C4::Context;
-use C4::Members;
-use Koha::Patron::Images;
+use Koha::Patrons;
 
 $|=1;
 
-my $DEBUG = 0;
 my $query = CGI->new;
 my $borrowernumber;
 
@@ -48,25 +46,29 @@ This script, when called from within HTML and passed a valid patron borrowernumb
 
 =cut
 
-my ($status, $cookie, $sessionID) = check_api_auth($query, { catalogue => 1 } );
+my ($status, $cookie, $sessionID) = check_api_auth($query, [ { borrowers => '*' }, { circulate => '*' } ] );
 
 unless ( $status eq 'ok' ) {
     print $query->header(-type => 'text/plain', -status => '403 Forbidden');
     exit 0;
 }
 
-
-
 if ($query->param('borrowernumber')) {
     $borrowernumber = $query->param('borrowernumber');
 } else {
     $borrowernumber = shift;
 }
 
+my $patron         = Koha::Patrons->find( $borrowernumber );
+my $userenv = C4::Context->userenv;
+my $logged_in_user = Koha::Patrons->find( $userenv->{number} );
 
-warn "Borrowernumber passed in: $borrowernumber" if $DEBUG;
+unless ( $logged_in_user->can_see_patron_infos( $patron ) ) {
+    print $query->header(-type => 'text/plain', -status => '403 Forbidden');
+    exit 0;
+}
 
-my $patron_image = Koha::Patron::Images->find($borrowernumber);
+my $patron_image = $patron->image;
 
 # NOTE: Never dump the contents of $imagedata->{'patronimage'} via a warn to a log or nasty
 # things will result... you have been warned!