[Koha-bugs] [Bug 17479] New: REST API: Save information on owner access
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 21 11:52:52 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479
Bug ID: 17479
Summary: REST API: Save information on owner access
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Web services
Assignee: koha-bugs at lists.koha-community.org
Reporter: lari.taskula at jns.fi
QA Contact: testopia at bugs.koha-community.org
There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
to GET your own patron information
In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.
Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.
Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.
Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list