Hi all,
I just noticed the following error while testing the REST API:
{"error":"Authorization failure. Missing required permission(s).","required_permissions":{"borrowers":"1"}}
It seems to me that we should just stop at “Authorization failure”. While it might be helpful for a dev to know what the required permissions are, I think it would also be overly helpful for an attacker to know what permissions are required too, no?
I suppose Koha is open source, so it wouldn’t be hard for them to look them up anyway, but it just seems odd?
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595