[Koha-bugs] [Bug 25482] koha-plack not working under D10
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 13 23:58:05 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25482
Tomás Cohen Arazi <tomascohen at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|koha-bugs at lists.koha-commun |tomascohen at gmail.com
|ity.org |
--- Comment #1 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Found the issue. It took me a while....
The thing is, the JSON::Validator/openAPI plugin combination we have in D9 is
very loose, and doesn't catch a problem in the Advanced editor macros routes
spec. Basically, there are routes that have:
x-koha-permission: {
editcatalogue => 'advanced_editor',
editcatalogue => 'delete_shared_macros',
}
which is basically invalid, as you shouldn't be able to define a hash with two
values for the same key.
My first attempt was to just to the expected thing:
x-koha-permission: {
"editcatalogue" => [
'advanced_editor',
'delete_shared_macros'
]
}
This should work, but it doesn't really. Plack would be back to work, but
C4::Auth::haspermission validates the permissions when it shouldn't. At least
that's what running
$ prove t/db_dependent/api/v1/advanced_editor_macros.t
tells.
I will review the tests tomorrow (too tired today). It is possible that the
permissions assignment taking place in the tests is incorrect.
I was about to write a regression test for C4::Auth for this case, and see
what's going on, but... to my dismay... couldn't find tests...
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list