Bug 11866: (follow-up) repair security issue introduced by main patch

The main patch allows /any/ user with an account on the Koha system
to view the staff-side course-reserves home page -- including ordinary
patrons.  This patch repairs the oversight.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/course_reserves/course-reserves.pl b/course_reserves/course-reserves.pl
index 4aa982a..95baf7b 100755 (executable)
--- a/course_reserves/course-reserves.pl
+++ b/course_reserves/course-reserves.pl
@@ -35,6 +35,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
         query           => $cgi,
         type            => "intranet",
         authnotrequired => 0,
+        flagsrequired   => { catalogue => 1 },
     }
 );