https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27423 --- Comment #6 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #3)
I think the scope of ILS-DI and the REST-API is also different.
This is an API for discovery interfaces that's supposed to not allow more than the OPAC user should be able to do. They can place a hold... but they cannot manipulate a holds data. They can look up a patron, but not change their data etc.
I believe the REST API as is might not serve well here as it allows too much and you'd want to have something more limited to be used by external catalog/discovery providers specifically`?
Those are interesting points too. I have been thinking that Koha is due for a review of its authorization system... -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.