[Koha-bugs] [Bug 14868] REST API: Swagger2-driven permission checking
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jun 20 17:18:34 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868
Lari Taskula <larit at student.uef.fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #52592|0 |1
is obsolete| |
--- Comment #8 from Lari Taskula <larit at student.uef.fi> ---
Created attachment 52602
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=52602&action=edit
Bug 14868: Swagger2-driven Permission checking
A hasty downgrade from 13920, utilizing new features implemented by the
Mojolicious::Plugin::Swagger2-author, to make it possible to implement more
complex authentication/authorization scenarios with the Plugin.
Define 'x-koha-permission' for the Swagger2 Operation Object, to automatically
authorize against the required permissions.
This way we immediately tell the API consumer in the Swagger2-definition, which
permissions are needed to access defined resources.
Also we don't need to maintain permissions in multiple locations and we can
build
a smart testing framework to help a lot in creating tests for the new REST API.
Rebase notes from 2015-09-22 to 2016-06-20:
- In patrons.t, change expected HTTP 403 to 401 when accessing the endpoint
without authentication (401 = not authenticated, 403 = authenticated, but no
permission).
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list