[Koha-bugs] [Bug 17003] REST API: add route to get checkout's renewability
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sun Dec 11 22:59:08 CET 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17003
--- Comment #10 from Jiri Kozlovsky <mail at jkozlovsky.cz> ---
(In reply to Jiri Kozlovsky from comment #8)
> Comment on attachment 57493 [details] [review]
> Bug 17003: Add API route to get checkout's renewability
>
> Review of attachment 57493 [details] [review]:
> -----------------------------------------------------------------
>
> ::: Koha/REST/V1/Checkout.pm
> @@ +109,5 @@
> > + $OpacRenewalAllowed = C4::Context->preference('OpacRenewalAllowed');
> > + }
> > +
> > + unless ($user && ($OpacRenewalAllowed
> > + || haspermission($user->userid, { circulate => "circulate_remaining_permissions" }))) {
>
> This "haspermission" check should be moved to the path definition using
> "x-koha-authorization".
>
Sorry about that inconvenience - I haven't realized that ownership check is
required.
It would be nice to have bug 17479 implmemented soon so that we avoid such
misunderstandings :) .. btw how about setting that bug as a dependency and
rewriting this code?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list