[Koha-bugs] [Bug 17479] REST API: Save information on owner access

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Nov 7 22:06:28 CET 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Josef Moravec <josef.moravec at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #57256|0                           |1
        is obsolete|                            |

--- Comment #3 from Josef Moravec <josef.moravec at gmail.com> ---
Created attachment 57286
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=57286&action=edit
[SIGNED-OFF] Bug 17479: Store information on owner access into $c->stash

There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
  to GET your own patron information

In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.

Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.

Currently, in the controller, we can check this opac-like access by checking
that the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.

Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in the controller, we only need to check
$c->stash for this flag.

To test:
1. Apply patch
2. Run t/db_dependent/api/v1/ownerflag.t
3. Observe it pass

Signed-off-by: Josef Moravec <josef.moravec at gmail.com>

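The pattern described in the commit message above, as an added Perl sketch that is not code from the patch or from Koha: one central check decides between permission access and owner access and records the result, and the controller reads only that flag. The stash key `is_owner_access`, the function names, the sample users and the "preference off means deny" branch are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: user 1 is a librarian, user 2 an ordinary patron.
my %PERMISSIONS = ( 1 => { borrowers => 1 }, 2 => {} );
my %SYSPREF     = ( OPACPatronDetails => 1 );

# Stand-in for the haspermission() call mentioned above (hypothetical signature).
sub has_permission {
    my ( $user_id, $perm ) = @_;
    return $PERMISSIONS{$user_id}{$perm} ? 1 : 0;
}

# Central check, done once per request. Returns a stash hashref, or undef to deny.
# 'is_owner_access' is a hypothetical key name; the page does not name the flag.
sub authorize {
    my ( $user_id, $perm, $owner_id ) = @_;
    # Permission wins: a librarian editing any record is not "owner access".
    return { is_owner_access => 0 } if has_permission( $user_id, $perm );
    # No permission, but the requester owns the object.
    return { is_owner_access => 1 } if defined $owner_id && $user_id == $owner_id;
    return undef;    # neither permission nor ownership
}

# Controller: reads the flag only and never repeats the permission check.
sub update_patron {
    my ($stash) = @_;
    return 'denied'  unless $stash;
    return 'applied' unless $stash->{is_owner_access};
    # Owner access is OPAC-like, so the system preference decides.
    return 'queued_for_approval' if $SYSPREF{OPACPatronDetails};
    return 'denied';    # assumption: the page only defines the "on" case
}

# Each case: (requesting user, owner of the patron record being updated).
for my $case ( [ 1, 2 ], [ 2, 2 ], [ 2, 1 ] ) {
    my ( $user_id, $owner_id ) = @$case;
    my $stash  = authorize( $user_id, 'borrowers', $owner_id );
    my $result = update_patron($stash);
    print "user $user_id -> patron $owner_id: $result\n";
}
```

The point worth checking in review is that the flag is set only on the branch where the permission check has already failed, so a controller that sees the flag can treat the request as patron self-service without re-deriving that fact.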