https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #12 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #10)
I think we need more work here to provide for 'read' and 'write' allowlists.. we also need a way to alter the allowlist from the Koha object when required as with the load time at to_api here we currently have no way to pass overrides to the allowlist.
I think that we've overloaded the allow list concept. I originally came up with the allow list concept to function as a user input validation allow/valid list rather than an attribute-based access control list. I like attribute-based access control, but it might make more sense to start there and then do the input validation rather than going the other way around. -- You are receiving this mail because: You are watching all bug changes.