https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24861 --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to David Cook from comment #4)
(In reply to Tomás Cohen Arazi from comment #2)
The message could be better. Being an error and the code (401) is the expected behavior without authentication.
I'll have to test again, but it seems that I was being authenticated, but that I wasn't being authorized:
{"error":"Authorization failure. Missing required permission(s).","required_permissions":null}
That's a generic handling of an exception that seems to work for the non-public use case and should be handled better for the public case (i.e. it shouldn't mention required permissions). But the exception is raised correctly by allow_owner(). So this is an error message bug. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.