[Bug 42732] New: Migrate catalogue/detail.tt addToBundle $.post to api-client.js
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Bug ID: 42732 Summary: Migrate catalogue/detail.tt addToBundle $.post to api-client.js Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org CC: tomascohen@gmail.com catalogue/detail.tt (line 1969) uses $.post() to call /api/v1/items/{id}/bundled_items. This should be migrated to use api-client.js which already handles CSRF token injection. This is a prerequisite for enforcing CSRF protection on the REST API (Bug 34451). -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com, | |martin.renvoize@openfifth.c | |o.uk Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | Blocks| |34451 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 --- Comment #1 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 199767 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199767&action=edit Bug 42732: Migrate catalogue/detail.tt addToBundle $.post to api-client.js Replace direct $.post() to /api/v1/items/{id}/bundled_items with ItemAPIClient.bundled_items.add(), which uses http-client.js and automatically includes the CSRF token header. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #2 from Jonathan Druart <jonathan.druart@gmail.com> --- It does not work: Uncaught TypeError: can't access property "bundled_items", client is undefined => item-api-client.js is not in js/fetch/api-client.js Also I am not sure it's a good idea to have the return_response=true in the api client, you should pass it as a parameter. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199767|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 --- Comment #3 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 199833 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199833&action=edit Bug 42732: Migrate catalogue/detail.tt addToBundle $.post to api-client.js Replace direct $.post() to /api/v1/items/{id}/bundled_items with ItemAPIClient.bundled_items.add(), which uses http-client.js and automatically includes the CSRF token header. The caller passes return_response: true because it needs access to the raw response status code and body for fine-grained error handling (different user-facing messages for 409/already_bundled, 409/checked_out, 409/reserved, 404/not_found, 400/failed_nesting). http-client.js default behavior throws a plain Error on non-2xx responses, losing the status code and error_code fields the UI needs. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=42875 --- Comment #4 from Jonathan Druart <jonathan.druart@gmail.com> --- Found bug 42875 when testing this patch. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199833|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42732 --- Comment #5 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 200636 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=200636&action=edit Bug 42732: Migrate catalogue/detail.tt addToBundle $.post to api-client.js Replace direct $.post() to /api/v1/items/{id}/bundled_items with ItemAPIClient.bundled_items.add(), which uses http-client.js and automatically includes the CSRF token header. The caller passes return_response: true because it needs access to the raw response status code and body for fine-grained error handling (different user-facing messages for 409/already_bundled, 409/checked_out, 409/reserved, 404/not_found, 400/failed_nesting). http-client.js default behavior throws a plain Error on non-2xx responses, losing the status code and error_code fields the UI needs. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org