[Koha-bugs] [Bug 13895] Add API routes for checkouts retrieval and renewal
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Aug 22 20:35:32 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13895
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |katrin.fischer at bsz-bw.de
--- Comment #34 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
>Let user access their own checkouts and if OpacRenewalAllowed system preference
>is on, also let user to renew their checkouts.
I am concerned about this kind of behaviour. Would it mean that any user
(without any permission) can do this using the REST API as long as they can get
access to a valid session cookie/log into the OPAC?
This checks for OpacRenewalAllowed, but what about opacuserlogin?
Could we make this behaviour optional?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list