[Koha-bugs] [Bug 24841] REST API should check if patron is restricted/debarred
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Nov 14 13:07:23 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24841
--- Comment #11 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to mathieu saby from comment #9)
> Hi
> My library is planning to use the holds API to mimic the behavior of the
> OPAC, and the current behavior is problematic.
>
> What about a new parameter to define the "context" of the action
> (?context=staff vs ?context=opac ) ?
By design, the /api/v1/holds endpoint is to be used as an admin user. As such,
it has some -x-koha-override options (that can be enlarged, and it should
prevent placing a hold under those problematic scenarios. If it doesn't it is
because the underlying methods are not implementing the checks, as Arthur
mentions.
On the other hand, if you really want to do things as the patron (OPAC) we
should be implementing a /api/v1/public/ route instead.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list