[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Oct 19 11:58:09 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #148 from Jonathan Druart <jonathan.druart+koha at gmail.com> ---
Created attachment 157416
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=157416&action=edit
Bug 29523: Add redaction for inaccessible objects
This patch switches from removing inaccessible items from the responses
to instead redacting fields in innaccessible responses.
This allows for embed traversal and keeps counts etc correct but also
hides the data we want to hide.
We add support for an 'unredact_list' method at the Koha::* class level
allowing for individual classes to specify which fields they wish to
expose to restricted users regardless of their restriction.
It is to be used in combination with the is_accessible method introduced
earlier in this patchset which is used to denote whether the current
user should be allowed to see the full record or only a subset of it as
defined in the unredacted_list.
We undefine any fields not listed in the unredact_list for the API
response. This has the effect of still returning the full object of
keys, but setting most fields to a JSON null.
Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list