https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24861 --- Comment #7 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Tomás Cohen Arazi from comment #6)
(In reply to David Cook from comment #4)
(In reply to Tomás Cohen Arazi from comment #2)
The message could be better. Being an error and the code (401) is the expected behavior without authentication.
I'll have to test again, but it seems that I was being authenticated, but that I wasn't being authorized:
{"error":"Authorization failure. Missing required permission(s).","required_permissions":null}
That's a generic handling of an exception that seems to work for the non-public use case and should be handled better for the public case (i.e. it shouldn't mention required permissions). But the exception is raised correctly by allow_owner(). So this is an error message bug.
I mean the last fallback exception in authenticate_api_request(), which is reached because allow_owner() returns false in the previous 'if'. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.