[Koha-bugs] [Bug 24067] New: Refactor REST API allow-owner authorization logic
bugzilla-daemon at bugs.koha-community.org
Tue Nov 19 15:10:43 CET 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24067
Bug ID: 24067
Summary: Refactor REST API allow-owner authorization logic
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: REST api
Assignee: koha-bugs at lists.koha-community.org
Reporter: lari.taskula at hypernova.fi
It is possible to authorize a patron's access to their own resources by defining
"allow-owner" under the x-koha-authorization block in the endpoint's OpenAPI
specification.
Currently the logic for this type of authorization is centralized under
Koha::REST::V1::Auth::check_object_ownership with some messy, hard to
understand and possibly at some point in the future even insecure logic.
A better and more flexible solution is to have each REST API controller handle
the "allow-owner" authorization on their own.