https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19316 --- Comment #9 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #8)
At a glance, it looks like this data could leak out to the public through the API. How might that be prevented?
Then again... while it's available via REST API as exposed by the OPAC website... it looks like you need to be a logged in staff user to see it. If an API consumer is showing items, hopefully they're using a public endpoint like http://kohadev.mydnsname.org:8080/api/v1/public/biblios/29/items So maybe it's fine... http://kohadev.mydnsname.org:8080/api/v1/items/73 {"error":"Authorization failure. Missing required permission(s).","required_permissions":{"catalogue":"1"}} -- You are receiving this mail because: You are watching all bug changes.