[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523

Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #156949|0                           |1
        is obsolete|                            |

--- Comment #136 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Created attachment 157081
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=157081&action=edit
Bug 29523: Add redaction for inaccessible objects

This patch switches from removing inaccessible items from the responses
to instead redacting fields in innaccessible responses.

This allows for embed traversal and keeps counts etc correct but also
hides the data we want to hide.

We add support for an 'unredact_list' method at the Koha::* class level
allowing for individual classes to specify which fields they wish to
expose to restricted users regardless of their restriction.

It is to be used in combination with the is_accessible method introduced
earlier in this patchset which is used to denote whether the current
user should be allowed to see the full record or only a subset of it as
defined in the unredacted_list.

We undefine any fields not listed in the unredact_list for the API
response. This has the effect of still returning the full object of
keys, but setting most fields to a JSON null.

-- 
You are receiving this mail because:
You are watching all bug changes.