From a96ea52d8711a80ba885c1d433c7df668dba6652 Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Mon, 19 Dec 2016 23:46:36 +0200
Subject: [PATCH] Added allowed_barcode_statuses to Voyager ILS drivers (#870)

- Limit the Voyager barcode statuses allowed to login by default so that e.g. lost card cannot be used anymore. Accepted statuses can be configured via the ini file.
---
 config/vufind/Voyager.ini                       |  5 +++++
 config/vufind/VoyagerRestful.ini                |  5 +++++
 module/VuFind/src/VuFind/ILS/Driver/Voyager.php | 14 ++++++++++++++
 3 files changed, 24 insertions(+)

diff --git a/config/vufind/Voyager.ini b/config/vufind/Voyager.ini
index 49f0b802721..c911a165470 100644
--- a/config/vufind/Voyager.ini
+++ b/config/vufind/Voyager.ini
@@ -20,6 +20,11 @@ login_field = LAST_NAME
 ; user has no PIN code. Disabled by default.
 ;fallback_login_field = LAST_NAME
 
+; Colon-separated list of barcode statuses ( see PATRON_BARCODE_STATUS table in
+; Voyager's database) that allow a user to log in. By default only barcodes with
+; status 1 (active) or 4 (expired) are allowed.
+;allowed_barcode_statuses = 1:4:5
+
 ; These settings affect the Fund list used as a limiter in the "new items" module:
 [Funds]
 ; Uncomment this line to turn off the fund list entirely.
diff --git a/config/vufind/VoyagerRestful.ini b/config/vufind/VoyagerRestful.ini
index bc960bce839..e0933fa9204 100644
--- a/config/vufind/VoyagerRestful.ini
+++ b/config/vufind/VoyagerRestful.ini
@@ -20,6 +20,11 @@ login_field = LAST_NAME
 ; user has no PIN code. Disabled by default.
 ;fallback_login_field = LAST_NAME
 
+; Colon-separated list of barcode statuses ( see PATRON_BARCODE_STATUS table in
+; Voyager's database) that allow a user to log in. By default only barcodes with
+; status 1 (active) or 4 (expired) are allowed.
+;allowed_barcode_statuses = 1:4:5
+
 ; This is the timeout value for making HTTP requests to the Voyager API.
 http_timeout = 30
 
diff --git a/module/VuFind/src/VuFind/ILS/Driver/Voyager.php b/module/VuFind/src/VuFind/ILS/Driver/Voyager.php
index c4f1bf87d0f..e9a4b951309 100644
--- a/module/VuFind/src/VuFind/ILS/Driver/Voyager.php
+++ b/module/VuFind/src/VuFind/ILS/Driver/Voyager.php
@@ -1227,6 +1227,20 @@ class Voyager extends AbstractBase
                "WHERE PATRON.PATRON_ID = PATRON_BARCODE.PATRON_ID AND " .
                "lower(PATRON_BARCODE.PATRON_BARCODE) = :barcode";
 
+        // Limit the barcode statuses that allow logging in. By default only
+        // 1 (active) and 4 (expired) are allowed.
+        $allowedStatuses = preg_replace(
+            '/[^:\d]*/',
+            '',
+            isset($this->config['Catalog']['allowed_barcode_statuses'])
+                ? $this->config['Catalog']['allowed_barcode_statuses']
+                : '1:4'
+        );
+        if ($allowedStatuses) {
+            $sql .= ' AND PATRON_BARCODE.BARCODE_STATUS IN ('
+                . str_replace(':', ',', $allowedStatuses) . ')';
+        }
+
         try {
             $bindBarcode = strtolower(utf8_decode($barcode));
             $compareLogin = mb_strtolower($login, 'UTF-8');
-- 
GitLab