[Koha-bugs] [Bug 16330] REST API: add routes to add, update and delete patrons
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Oct 20 13:04:38 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16330
--- Comment #37 from Lari Taskula <lari.taskula at jns.fi> ---
Perhaps validate method can be useful for that work too, as a centralized
location for patron information validation with proper exceptions, depending on
how we want to do it.
OPACPatronDetails should also be checked for PUT.
By the way, I have noticed that these "OPAC-preferences" make it annoying to
check if user is accessing as an owner-of-the-object without actual
permissions, in order to perform some specific operation on that user. To make
this checking easy inside controllers, perhaps we could set a flag in
Koha/REST/V1.pm for users without permission but being the owner of the object.
before:
if (C4::Context->preference('OPACPatronDetails') &&
!haspermission($user->userid, { borrowers => 1 }) && $user->borrowernumber ==
$args->{borrowernumber}) {
// accessing as an owner, set patron modification to be verified by a librarian
}
after:
if (C4::Context->preference('OPACPatronDetails') &&
$c->stash('access_as_object_owner')) {
// accessing as an owner, set patron modification to be verified by a librarian
}
How does this sound? Is there an alternative, better solution or shall I open a
new Bug for this?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list