https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868 Lari Taskula <larit@student.uef.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #42761|0 |1 is obsolete| | --- Comment #2 from Lari Taskula <larit@student.uef.fi> --- Created attachment 52577 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=52577&action=edit Bug 14868: Swagger2-driven Permission checking A hasty downgrade from 13920, utilizing new features implemented by the Mojolicious::Plugin::Swagger2-author, to make it possible to implement more complex authentication/authorization scenarios with the Plugin. Define 'x-koha-permission' for the Swagger2 Operation Object, to automatically authorize against the required permissions. This way we immediately tell the API consumer in the Swagger2-definition, which permissions are needed to access defined resources. Also we don't need to maintain permissions in multiple locations and we can build a smart testing framework to help a lot in creating tests for the new REST API. Rebase notes from 2015-09-22 to 2016-06-20: - In patrons.t, change expected HTTP 403 to 401 when accessing the endpoint without authentication (401 = not authenticated, 403 = authenticated, but no permission). -- You are receiving this mail because: You are watching all bug changes.