[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 23 15:16:01 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #158 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Okay, this looks very good to me in general.
But I am not yet convinced about the last patch with just these test lines:
- is( ref($patron_1->to_api({ user => $patron })), 'HASH', 'Returns the
object hash' );
- is( $patron_2->to_api({ user => $patron }), undef, 'Not accessible,
returns undef' );
+ is(
+ $patron_1->to_api( { user => $patron } )->{firstname},
$patron_1->firstname,
+ 'Returns unredacted object hash'
+ );
+ is( $patron_2->to_api( { user => $patron } )->{firstname}, undef,
'Returns redacted object hash' );
This is all or nothing. But I would like to see the clear difference where a
patron can see some columns because of unredact and when he is not.
Since patron->unredact_list now only contains branchcode, please show that?
You could mock unredact_list and show more?
Please still extend this unit test a little bit.
Do you have a real life example to test on the REST API. Which endpoint, which
embed. Which permissions? Etc?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list