[Koha-bugs] [Bug 14868] REST API: Swagger2-driven permission checking
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jun 20 17:19:18 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868
Lari Taskula <larit at student.uef.fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #52593|0 |1
is obsolete| |
--- Comment #9 from Lari Taskula <larit at student.uef.fi> ---
Created attachment 52603
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=52603&action=edit
Bug 14868: Give users possibility to request their own object
If the user has no required permissions, but attempts to access his own object,
allow this request in case "x-koha-permission" has defined "allow-owner": "1".
As an example, the following resource can be accessed if user has
borrowers-flag
or if he is making the request to his own borrowernumber (in path or body):
"/patrons/{borrowernumber}": {
..
"x-koha-permission": {
"allow-owner": "1",
"permissions": {
"borrowers": "1"
}
}
}
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list