https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40441 Bug ID: 40441 Summary: /auth/password/validation ( validateUserAndPassword ) requires too much permissions Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: lucas@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: tomascohen@gmail.com In the API swagger definition for validateUserAndPassword: 1184 x-koha-authorization: 1185 permissions: 1186 borrowers: "1" Requiring the top level permission is more than should be needed. It shouldn't need delete_borrowers or send_messages_to_borrowers. We should add a new sub-permission for borrowers like 'api_validate_password' -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.