https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030 --- Comment #11 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 201756 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201756&action=edit Bug 43030: Point generic auth-permission tests away from /api/v1/patrons t/db_dependent/api/v1/{auth,auth_basic,oauth}.t each used GET /api/v1/patrons purely as a stand-in "some endpoint requiring a permission" to exercise generic 401/403/503 branches in authenticate_api_request. Now that this endpoint allows self-access, a permission-less patron is admitted (scoped to their own record) instead of rejected, so these generic checks now point at DELETE /api/v1/patrons/-1 instead, which still requires delete_borrowers unconditionally. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.