https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36561 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #166549|0 |1 is obsolete| | Attachment #166550|0 |1 is obsolete| | Attachment #166551|0 |1 is obsolete| | --- Comment #27 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184590 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184590&action=edit Bug 36561: Add new permission `api_validate_password` This change adds a `api_validate_password` permission which allows a user to only validate borrowers by using the /api/v1/auth/password/validation endpoint. This avoids scenarios where you want third-parties to authenticate a user without giving them full permissions to perform CRUD operations on user data. To test: 1. Apply patch 2. Run "koha-upgrade-schema kohadev" 3. koha-plack --reload kohadev 4. prove -v t/db_dependent/api/v1/password_validation.t 5. Visit http://localhost:8081/cgi-bin/koha/members/member-flags.pl?member=51 6. Note that a new subpermission `api_validate_password` appears under the "borrowers" permission Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.