[Koha-bugs] [Bug 16330] REST API: add routes to add, update and delete patrons

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Oct 20 13:04:38 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16330

--- Comment #37 from Lari Taskula <lari.taskula at jns.fi> ---
Perhaps validate method can be useful for that work too, as a centralized
location for patron information validation with proper exceptions, depending on
how we want to do it.

OPACPatronDetails should also be checked for PUT.

By the way, I have noticed that these "OPAC-preferences" make it annoying to
check if user is accessing as an owner-of-the-object without actual
permissions, in order to perform some specific operation on that user. To make
this checking easy inside controllers, perhaps we could set a flag in
Koha/REST/V1.pm for users without permission but being the owner of the object.

before:
if (C4::Context->preference('OPACPatronDetails') &&
!haspermission($user->userid, { borrowers => 1 }) && $user->borrowernumber ==
$args->{borrowernumber}) {
// accessing as an owner, set patron modification to be verified by a librarian
}

after:
if (C4::Context->preference('OPACPatronDetails') &&
$c->stash('access_as_object_owner')) {
// accessing as an owner, set patron modification to be verified by a librarian
}

How does this sound? Is there an alternative, better solution or shall I open a
new Bug for this?

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list