[Koha-bugs] [Bug 24841] REST API should check if patron is restricted/debarred
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jan 10 12:23:19 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24841
Tomás Cohen Arazi <tomascohen at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tomascohen at gmail.com
--- Comment #8 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
What is the status for this? My two cents would be:
We have a header that is used here: x-koha-override: 'any', that will tell the
controller to override blocker conditions. We could add a check like:
if ( $patron->debarred ) {
return $c->render( status => 400, ... ) unless
$override_restricted_patron;
}
This is a workaround to the fact we don't have the 'holdability' routes on the
API. Because if we wanted to implement the staff hold request flow with the
API, we would certainly need to:
- Ask if a hold can be placed
- Prompt the user for confirmation, telling there are things to override
- Actually place the hold, overridding checks
So, as Nick says, we could also say this route shouldn't be checking things
unless they are hard blockers for Koha's core business logic, and what's
missing is the patron's (OPAC) perspective, or a route to check the situation
for feedback.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list