[Koha-bugs] [Bug 14868] REST API: Swagger2-driven permission checking

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Aug 26 00:36:37 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868

Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--- Comment #41 from Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no> ---
Great Work, Lari!

Tested thus :
1) minified swagger:
perl misc/devel/minifySwagger.pl -s api/v1/swagger/swagger.json -d
api/v1/swagger/swagger.min.json (minifySwagger should perhaps have execution
permissions?)

2) restarted plack to pick up changes
3) loaded testdata and added circulation rule to allow holds
4) ran tests t/db_dependent/api/v1/patrons.t and t/db_dependent/api/v1/holds.t
5) ran some manual tests, without permissions, observed authentication failure
6) tested with patron session without borrower permissions, permission failure
except on own patron info and own holds
7) tested with superlibrarian

Should get an extra pair of eyes and testing, but I'm all OK.

Now let's get Bug Bug 17004 moving as well (API auth), and we're really moving
towards a great RESTful API

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list