[Bug 28948] New: Add a /public counterpart for the libraries REST endpoints
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Bug ID: 28948 Summary: Add a /public counterpart for the libraries REST endpoints Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@ptfs-europe.com This bug will add the public facing libraries endpoint. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |martin.renvoize@ptfs-europe |ity.org |.com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #1 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- I'm going to grab the foundations from bug 27358 to push here so we can get those in but based on a simpler final goal with the libraries table. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=27358 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #2 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124479 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124479&action=edit Bug 28948: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an library looks like: GET /libraries The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api ); Implementing an unprivileged (public) route would look like: GET /public/libraries/:library_id The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #3 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124480 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124480&action=edit Bug 28948: Make is_public stashed on public routes This patch makes the API authentication code stash the 'is_public' value when public routes are hit. This will be particularly useful to have $c->objects->search generically pass this info down to the ->to_api method. To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => SUCCESS: Tests pass! When a public route is reached, the controller has the 'is_public' value stashed 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #4 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124481 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124481&action=edit Bug 28948: Teach objects.search about public requests Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #5 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124482 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124482&action=edit Bug 28948: Add GET /public/libraries routes This patch introduces a route to fetch a list of libraries or a single library as expected on the /public namespace. It is expected to return the 'public' representation of the Koha::Library objects. To test: 1. Apply this patches 2. Run: $ kshell k$ prove t/db_dependent/api/v1/libraries.t => SUCCESS: Test pass and they cover all the cases! 3. Try your favourite REST tool against the new route. 4. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #6 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124483 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124483&action=edit Bug 28948: (QA follow-up) Convert to allow-list This patch converts the code to use an allow-list as aposed to a deny-list. This is more 'fail safe' than requireing maintanence of a deny-list. We also switch to using db fields names for the list as aposed to api mapped names. This way, the list can be re-used for non-api related sanitising if required. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #7 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- OK.. grabbed the patches from bug 27358 as agreed and reworked them for the libraries endpoints.. just minor alterations to tests to use the alternate route really. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA CC| |kyle@bywatersolutions.com --- Comment #8 from Kyle M Hall <kyle@bywatersolutions.com> --- root@kohadevbox:koha(bug28948-qa)$ prove t/db_dependent/Koha/Objects.t t/db_dependent/Koha/Objects.t .. 18/24 # Failed test at t/db_dependent/Koha/Objects.t line 1214. # Failed test at t/db_dependent/Koha/Objects.t line 1226. # Looks like you failed 2 tests of 13. t/db_dependent/Koha/Objects.t .. 20/24 # Failed test 'filter_by_last_update' # at t/db_dependent/Koha/Objects.t line 1234. # Looks like you failed 1 test of 24. t/db_dependent/Koha/Objects.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/24 subtests Test Summary Report ------------------- t/db_dependent/Koha/Objects.t (Wstat: 256 Tests: 24 Failed: 1) Failed test: 20 Non-zero exit status: 1 Files=1, Tests=24, 17 wallclock secs ( 0.05 usr 0.01 sys + 12.17 cusr 2.62 csys = 14.85 CPU) Result: FAIL -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact| |kyle@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Signed Off CC| |tomascohen@gmail.com --- Comment #9 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Kyle M Hall from comment #8)
root@kohadevbox:koha(bug28948-qa)$ prove t/db_dependent/Koha/Objects.t t/db_dependent/Koha/Objects.t .. 18/24 # Failed test at t/db_dependent/Koha/Objects.t line 1214.
# Failed test at t/db_dependent/Koha/Objects.t line 1226. # Looks like you failed 2 tests of 13. t/db_dependent/Koha/Objects.t .. 20/24 # Failed test 'filter_by_last_update' # at t/db_dependent/Koha/Objects.t line 1234. # Looks like you failed 1 test of 24. t/db_dependent/Koha/Objects.t .. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/24 subtests
That's a failure in master. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |28965, 27358 See Also|https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=27358 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27358 [Bug 27358] Add GET /public/biblios/:biblio_id/items https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28965 [Bug 28965] Add public routes for lists -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #10 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 124749 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124749&action=edit Bug 28948: (follow-up) Use ::Allowlist structure This patch updates the patchset to use the ::Allowlist structure introduced with bug 28935. I think we need more work here to provide for 'read' and 'write' allowlists.. we also need a way to alter the allowlist from the Koha object when required as with the load time at to_api here we currently have no way to pass overrides to the allowlist. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #11 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- + my $allowlist = Koha::Library::Allowlist->new({ interface => 'opac' })->load(); We should allow chaining then. IIRC load does not return self now. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #12 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #10)
I think we need more work here to provide for 'read' and 'write' allowlists.. we also need a way to alter the allowlist from the Koha object when required as with the load time at to_api here we currently have no way to pass overrides to the allowlist.
I think that we've overloaded the allow list concept. I originally came up with the allow list concept to function as a user input validation allow/valid list rather than an attribute-based access control list. I like attribute-based access control, but it might make more sense to start there and then do the input validation rather than going the other way around. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #13 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to David Cook from comment #12)
I think that we've overloaded the allow list concept. I originally came up with the allow list concept to function as a user input validation allow/valid list rather than an attribute-based access control list.
I am submitting shortly a generic AllowList and a Koha::Object::ColumnSet proposal on bug 28999. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #14 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Please, keep in mind that the API already has input/output validation, specified in the OpenAPI spec. That's why this dev was originally simple and only included a list of attributes for the 'public' context. Also, this allowed for easy implementation of calculated lists: frameworks telling what item structure to hide? Sysprefs? Also, keep in mind that public and staff are not the only representations we might want for resources: we could have a 'brief' representation to be used in dropdowns (id+name). I mention it, because that's where the simplicity came from. For what is worth, I think we should do use base wq(Koha::Object Koha::Object::AllowList) And have AllowList just read the library's defined lists... I mean not implementing a new AllowList class for each thing -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #15 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Tomás Cohen Arazi from comment #14)
And have AllowList just read the library's defined lists... I mean not implementing a new AllowList class for each thing
Bug 28999 centralizes attributes lists in the schema file for the table. In the ColumnSet concept. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #16 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Marcel de Rooy from comment #15)
(In reply to Tomás Cohen Arazi from comment #14)
And have AllowList just read the library's defined lists... I mean not implementing a new AllowList class for each thing
Bug 28999 centralizes attributes lists in the schema file for the table. In the ColumnSet concept.
+1 looks interesting! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #17 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- + # FIXME: All modules should have a corresponding allowlist eventually + my $allowclass = ref($self) . '::Allowlist'; + if ( can_load( modules => { $allowclass => undef } ) ) { + my $allowlist = $allowclass->new( + { interface => $params->{public} ? 'opac' : 'staff' } ); + $allowlist->load; + my $blocked = $allowlist->apply( { input => $json_object } ); + Koha::Logger->get->debug( + ref($self) + . "::to_api allowlist blocked fields: " + . ( + join ', ', + map { $_ . '=' . $blocked->{$_} } sort keys %$blocked + ) + ) if keys %$blocked; So this would become something like (using api_staff and api_public; whats in a name): $json_object = $self->filter({ column_set => $params->{public} ? 'api_public' : 'api' }); It is just one line if you skip logging. Which is probably fine here. If we need it, the idea is now to add a dump => $dump parameter. Note that the concept is still a concept. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #18 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 124911 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124911&action=edit Bug 28948: Changes -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #19 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #18)
Created attachment 124911 [details] [review] Bug 28948: Changes
Not completely finished here. Other test needs adjustment still. Read something about overriding.. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=29029 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #20 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Martin Renvoize from comment #10)
This patch updates the patchset to use the ::Allowlist structure introduced with bug 28935. I think we need more work here to provide for 'read' and 'write' allowlists.. we also need a way to alter the allowlist from the Koha object when required as with the load time at to_api here we currently have no way to pass overrides to the allowlist.
The ColumnSet allows you to create lists for various contexts. You can make that as complex as you want. You could just create a complete attribute list for each use case initially, but surely get_column_set could return the merge of two sets or the intersection etc. $column_sets = { stuff }; $column_sets->{another1} = [ uniq( @$set1, @$set2) ]; $column_sets->{another2} = [ intersect( $set1, $set2) ]; where $set1 and $set2 refer to entries in $column_sets As to overriding, I would tend to leave that to the controller. After running the specified filter, you can always add overrides like: $data = { $obj->filter, @overrides }; The number of needed overrides may be an indication for the need of improving the defined sets. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124911|0 |1 is obsolete| | --- Comment #21 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 124914 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124914&action=edit Bug 28948: Changes Touched Objects.t now too. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #22 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- I elaborated on the changes of Martin, but note the following: - # Remove forbidden attributes if required - if ( $params->{public} - and $self->can('api_privileged_attrs') ) - { - foreach my $privileged_attr ( @{ $self->api_privileged_attrs } ) { - delete $json_object->{$privileged_attr}; - } - } Initially we only filtered the public side removing the api privileged keys. What we now do, is filter both public and staff ! Which is a serious difference obviously. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #23 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Did it not just move: if ( can_load( modules => { $allowclass => undef } ) ) { { my $allowlist = $allowclass->new( { interface => $params->{public} ? 'opac' : 'staff' } ); $allowlist->load; -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #24 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Martin Renvoize from comment #23)
Did it not just move:
if ( can_load( modules => { $allowclass => undef } ) ) { { my $allowlist = $allowclass->new( { interface => $params->{public} ? 'opac' : 'staff' } ); $allowlist->load;
It became more or less the ->can('get_column_set') test. But this might not be what you mean. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #25 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #22)
Initially we only filtered the public side removing the api privileged keys. What we now do, is filter both public and staff ! Which is a serious difference obviously.
We apply an allow list on staff too now. Tomas did not. So we are removing a few staff fields, like: | branchphone | longtext | YES | | NULL | | | issuing | tinyint(4) | YES | | NULL | | | opac_info | mediumtext | YES | | NULL | | | geolocation | varchar(255) | YES | | NULL | | | pickup_location | tinyint(1) | NO | | 1 | | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #26 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- What he did, is something like: # Remove forbidden attributes if required if( $params->{public} && $self->_result->can('get_column_set') ) { #FIXME Temporary measure $json_object = $self->filter({ input => $json_object, column_set => 'public_read', log_level => 'debug' }); } -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124480|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124481|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124482|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124483|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124749|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124914|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124479|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #27 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125901 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125901&action=edit Bug 28948: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an library looks like: GET /libraries The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api ); Implementing an unprivileged (public) route would look like: GET /public/libraries/:library_id The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #28 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125902 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125902&action=edit Bug 28948: Make is_public stashed on public routes This patch makes the API authentication code stash the 'is_public' value when public routes are hit. This will be particularly useful to have $c->objects->search generically pass this info down to the ->to_api method. To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => SUCCESS: Tests pass! When a public route is reached, the controller has the 'is_public' value stashed 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #29 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125903 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125903&action=edit Bug 28948: Teach objects.search about public requests Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #30 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125904 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125904&action=edit Bug 28948: Add GET /public/libraries routes This patch introduces a route to fetch a list of libraries or a single library as expected on the /public namespace. It is expected to return the 'public' representation of the Koha::Library objects. To test: 1. Apply this patches 2. Run: $ kshell k$ prove t/db_dependent/api/v1/libraries.t => SUCCESS: Test pass and they cover all the cases! 3. Try your favourite REST tool against the new route. 4. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #31 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125905 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125905&action=edit Bug 28948: (QA follow-up) Convert to allow-list This patch converts the code to use an allow-list as aposed to a deny-list. This is more 'fail safe' than requireing maintanence of a deny-list. We also switch to using db fields names for the list as aposed to api mapped names. This way, the list can be re-used for non-api related sanitising if required. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #32 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 125906 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125906&action=edit Bug 28948: Remove FIXME This patch reproduces what we did for `to_api_mapping`: make it always present on Koha::Object classes. This has the side-effect of... making things more secure! Before this patch, if undefined, all attributes were returned. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #33 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 125907 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125907&action=edit Bug 28948: Remove query params, 'q' param covers everything needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125907|0 |1 is obsolete| | --- Comment #34 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 125908 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125908&action=edit Bug 28948: Remove query params, 'q' param covers everything needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125908|0 |1 is obsolete| | --- Comment #35 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 125911 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125911&action=edit Bug 28948: Remove query params, 'q' param covers everything needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #36 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 125912 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125912&action=edit Bug 28948: Don't require catalogue permission for public route, don't allow smtp server embed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #37 from Kyle M Hall <kyle@bywatersolutions.com> --- The route /public/libraries/{library_id} needs to be implemented. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125901|0 |1 is obsolete| | --- Comment #38 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126111 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126111&action=edit Bug 28948: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an library looks like: GET /libraries The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api ); Implementing an unprivileged (public) route would look like: GET /public/libraries/:library_id The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125902|0 |1 is obsolete| | --- Comment #39 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126112 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126112&action=edit Bug 28948: Make is_public stashed on public routes This patch makes the API authentication code stash the 'is_public' value when public routes are hit. This will be particularly useful to have $c->objects->search generically pass this info down to the ->to_api method. To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => SUCCESS: Tests pass! When a public route is reached, the controller has the 'is_public' value stashed 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125903|0 |1 is obsolete| | --- Comment #40 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126113 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126113&action=edit Bug 28948: Teach objects.search about public requests Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125904|0 |1 is obsolete| | --- Comment #41 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126114 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126114&action=edit Bug 28948: Add GET /public/libraries routes This patch introduces a route to fetch a list of libraries or a single library as expected on the /public namespace. It is expected to return the 'public' representation of the Koha::Library objects. To test: 1. Apply this patches 2. Run: $ kshell k$ prove t/db_dependent/api/v1/libraries.t => SUCCESS: Test pass and they cover all the cases! 3. Try your favourite REST tool against the new route. 4. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125905|0 |1 is obsolete| | --- Comment #42 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126115 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126115&action=edit Bug 28948: (QA follow-up) Convert to allow-list This patch converts the code to use an allow-list as aposed to a deny-list. This is more 'fail safe' than requireing maintanence of a deny-list. We also switch to using db fields names for the list as aposed to api mapped names. This way, the list can be re-used for non-api related sanitising if required. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125906|0 |1 is obsolete| | --- Comment #43 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126116 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126116&action=edit Bug 28948: Remove FIXME This patch reproduces what we did for `to_api_mapping`: make it always present on Koha::Object classes. This has the side-effect of... making things more secure! Before this patch, if undefined, all attributes were returned. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125911|0 |1 is obsolete| | --- Comment #44 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126117 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126117&action=edit Bug 28948: Remove query params, 'q' param covers everything needed Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #125912|0 |1 is obsolete| | --- Comment #45 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 126118 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126118&action=edit Bug 28948: Don't require catalogue permission for public route, don't allow smtp server embed Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Signed Off --- Comment #46 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Issues fixed and squashed into original patches to save tiny typo fix commits Back to signed off as I ran through all the tests again and am happy it all appears to be working. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |28854 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28854 [Bug 28854] [ALTERNATIVE] Add ability to create bundles of items -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #126111|0 |1 is obsolete| | Attachment #126112|0 |1 is obsolete| | Attachment #126113|0 |1 is obsolete| | Attachment #126114|0 |1 is obsolete| | Attachment #126115|0 |1 is obsolete| | Attachment #126116|0 |1 is obsolete| | Attachment #126117|0 |1 is obsolete| | Attachment #126118|0 |1 is obsolete| | --- Comment #47 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126119 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126119&action=edit Bug 28948: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an library looks like: GET /libraries The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api ); Implementing an unprivileged (public) route would look like: GET /public/libraries/:library_id The controller will look like: my $library = Koha::Libraries->find( $c->validation->param('library_id') ); return $c->render( status => 200, openapi => $library->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #48 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126120 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126120&action=edit Bug 28948: Make is_public stashed on public routes This patch makes the API authentication code stash the 'is_public' value when public routes are hit. This will be particularly useful to have $c->objects->search generically pass this info down to the ->to_api method. To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => SUCCESS: Tests pass! When a public route is reached, the controller has the 'is_public' value stashed 3. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #49 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126121 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126121&action=edit Bug 28948: Teach objects.search about public requests Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #50 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126122 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126122&action=edit Bug 28948: Add GET /public/libraries routes This patch introduces a route to fetch a list of libraries or a single library as expected on the /public namespace. It is expected to return the 'public' representation of the Koha::Library objects. To test: 1. Apply this patches 2. Run: $ kshell k$ prove t/db_dependent/api/v1/libraries.t => SUCCESS: Test pass and they cover all the cases! 3. Try your favourite REST tool against the new route. 4. Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #51 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126123 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126123&action=edit Bug 28948: (QA follow-up) Convert to allow-list This patch converts the code to use an allow-list as aposed to a deny-list. This is more 'fail safe' than requireing maintanence of a deny-list. We also switch to using db fields names for the list as aposed to api mapped names. This way, the list can be re-used for non-api related sanitising if required. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #52 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126124 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126124&action=edit Bug 28948: Remove FIXME This patch reproduces what we did for `to_api_mapping`: make it always present on Koha::Object classes. This has the side-effect of... making things more secure! Before this patch, if undefined, all attributes were returned. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #53 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126125 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126125&action=edit Bug 28948: Remove query params, 'q' param covers everything needed Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #54 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126126 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126126&action=edit Bug 28948: Don't require catalogue permission for public route, don't allow smtp server embed Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|28854 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28854 [Bug 28854] [ALTERNATIVE] Add ability to create bundles of items -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #55 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 127054 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127054&action=edit Bug 28948: Fix random failure This patch makes the query for randomly generated libraries deterministic, thus getting rid of the random tests failures. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #56 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 127055 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127055&action=edit Bug 28948: Fix tests t/db_dependent/Koha/REST/Plugin/Objects.t .............. 12/13 # Failed test 'Public representation of $library_1 is retrieved' # at t/db_dependent/Koha/REST/Plugin/Objects.t line 546. # Structures begin differing at: # $got->{country} = 'cCaL3l' # $expected->{country} = 'jcxuV1zl' # Failed test 'Public representation of $library_2 is retrieved' # at t/db_dependent/Koha/REST/Plugin/Objects.t line 546. # Structures begin differing at: # $got->{state} = 'QVAutHLBs' # $expected->{state} = 'hZotjENErQ' # Looks like you failed 2 tests of 3. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Failed QA CC| |jonathan.druart+koha@gmail. | |com --- Comment #57 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Tests are failing for me t/db_dependent/api/v1/auth_authenticate_api_request.t .. 1/6 # Failed test '200 OK' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 131. # got: '401' # expected: '200' # Failed test 'The 'koha.user' object is defined in the stash' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 134. # Failed test 'userenv set correctly' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 137. # got: undef # expected: '382' # Failed test 'exact match for JSON Pointer ""' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 154. # Structures begin differing at: # $got->{error} = 'Session has been expired.' # $expected->{error} = 'Authentication failure.' # Looks like you failed 1 test of 3. # Failed test 'logged-out tests' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 157. # Looks like you planned 8 tests but ran 6. # Looks like you failed 4 tests of 6 run. # Failed test 'cookie-based tests' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 160. Rebased version of the patches at https://gitlab.com/joubu/Koha/-/tree/bug_28948 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #127055|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Passed QA --- Comment #58 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- (In reply to Jonathan Druart from comment #57)
Tests are failing for me
Not related, see bug 29353. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |21.11.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 --- Comment #59 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Pushed to master for 21.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|Pushed to master |RESOLVED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |29593 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29593 [Bug 29593] Wrong tag in GET c/public/libraries spec -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |36612 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36612 [Bug 36612] The public tickets endpoint needs public fields list -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org