https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868 Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #52603|0 |1 is obsolete| | --- Comment #13 from Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> --- Created attachment 52965 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=52965&action=edit Bug 14868: Give users possibility to request their own object If the user has no required permissions, but attempts to access his own object, allow this request in case "x-koha-permission" has defined "allow-owner": "1". As an example, the following resource can be accessed if user has borrowers-flag or if he is making the request to his own borrowernumber (in path or body): "/patrons/{borrowernumber}": { .. "x-koha-permission": { "allow-owner": "1", "permissions": { "borrowers": "1" } } } Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> My name is Olli-Antti Kivilahti and I approve this commit. We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now in production and I am certain we have a pretty good idea on how to work with the limitations of Swagger2.0 We participated in the development of the Mojolicious::Plugin::Swagger and know it well. We have made an extension to the plugin to provide full CORS support and have been building all our in-house features on the new REST API. -- You are receiving this mail because: You are watching all bug changes.