[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Oct 26 09:58:30 CEST 2023 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523

Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|BLOCKED                     |Passed QA

--- Comment #190 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
QA Comment:

Great work. We have a base to build further. We might still improve on details?

[1] The code around strings, embeds and related permissions is not simple. We
could perhaps add some more comments. Maintenance might get harder along the
way. For instance, we trust on the recursion in to_api via the child calls in
the embeds loop. But who still remembers that a year later?
[2] We could still extend the unit tests by showing that the approach really
works with embed. I tested biblios/checkouts with embed patron on the API
versus patrons to see if it worked for a less privileged staff user.
[3] Based on the unredact_list we may be nulling some columns. Developers
should be aware of mismatches with swagger specifications. See earlier
examples.
[4] Still wondering if we should combine public_read_list with accessible +
unredact_list for the public interface. Note that we do now, is safer since we
might still null some fields (theoretically). But the result is harder to
grasp.
[5 ] Some unit tests are not at the highest tidy level. Given the history and
complexity, I gladly ignore that here.
 WARN   t/db_dependent/Koha/REST/Plugin/Objects.t
   WARN   tidiness
                The file is less tidy than before (bad/messy lines before: 295,
now: 303)
 WARN   t/db_dependent/api/v1/acquisitions_baskets.t
   WARN   tidiness
                The file is less tidy than before (bad/messy lines before: 10,
now: 14)
 WARN   t/db_dependent/api/v1/acquisitions_funds.t
   WARN   tidiness
                The file is less tidy than before (bad/messy lines before: 35,
now: 45)
 WARN   t/db_dependent/api/v1/patrons.t
   WARN   tidiness
                The file is less tidy than before (bad/messy lines before: 258,
now: 263)

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list