[Bug 21198] New: authenticate_api_request should stash the reason access is granted
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Bug ID: 21198 Summary: authenticate_api_request should stash the reason access is granted Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST api Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com There's a pattern we will be facing in the controllers where overloading the behaviour depending on the logged user permissions. We have the information on the request on the permissions check step, and it should be carried down to the controllers for its use. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Alex Arnaud <alex.arnaud@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex.arnaud@biblibre.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |22071 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22071 [Bug 22071] Make authenticate_api_request stash koha.user in OAuth use case -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |josef.moravec@gmail.com, | |kyle@bywatersolutions.com, | |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 83683 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=83683&action=edit Bug 21198: Unit tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 83684 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=83684&action=edit Bug 21198: Make authenticate_api_request stash the reason access is granted This patch makes the authenticate_api_request method stash the reason the request or has been granted access to the resource. Possible values are: - permissions - owner - guarantor This will allow the controllers to avoid querying on their own for this info. To test: - Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => SUCCESS: Tests pass! - Sign off :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff --- Comment #3 from Tomás Cohen Arazi <tomascohen@gmail.com> --- When I thought about this, I was writing the /patrons/:patron_id/password endpoint, which was an hybrid endpoint: it was intended for the user to change its own password, and also an admin user to change a patron's password. It required the controller to check what was the reason to grant access to the resource. We decided to create a /public namespace for endpoints that would be used by unprivileged users instead. I decided to still submit this, because - We might need it - People writing endpoints through plugins could take advantage of this I hope you'll agree with this enhancement. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Bug 21198 depends on bug 22071, which changed state. Bug 22071 Summary: authenticate_api_request does not stash koha.user in the OAuth use case https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22071 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Stable |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Josef Moravec <josef.moravec@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #4 from Josef Moravec <josef.moravec@gmail.com> --- # Failed test '200 OK' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 161. # got: '403' # expected: '200' not ok 9 - grant_reason is 'guarantor' # Failed test 'grant_reason is 'guarantor'' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 164. # got: undef # expected: 'guarantor' -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|Failed QA |RESOLVED --- Comment #5 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- At this point I'm not sure this really serves any purpose.. I'm going to mark it as invalid for now. We can always revisit it in the future should we choose to do so. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21198 --- Comment #6 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- In reality, what I believe would be considerably more useful is for us to implement the FIXME in C4::Auth->haspermission `#FIXME - This fcn should return the failed permission so a suitable error msg can be delivered.` Passing back the permission one is missing, perhaps as a catch-able Koha::Exception or something would be a distinctly more useful pattern. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org