[Koha-bugs] [Bug 25482] koha-plack not working under D10

Wed May 13 23:58:05 CEST 2020

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25482

Tomás Cohen Arazi <tomascohen at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|koha-bugs at lists.koha-commun |tomascohen at gmail.com
                   |ity.org                     |

--- Comment #1 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Found the issue. It took me a while....

The thing is, the JSON::Validator/openAPI plugin combination we have in D9 is
very loose, and doesn't catch a problem in the Advanced editor macros routes
spec. Basically, there are routes that have:

x-koha-permission: {
    editcatalogue => 'advanced_editor',
    editcatalogue => 'delete_shared_macros',
}

which is basically invalid, as you shouldn't be able to define a hash with two
values for the same key.

My first attempt was to just to the expected thing:

x-koha-permission: {
    "editcatalogue" =>  [
        'advanced_editor',
        'delete_shared_macros'
     ]
}

This should work, but it doesn't really. Plack would be back to work, but
C4::Auth::haspermission validates the permissions when it shouldn't. At least
that's what running

   $ prove t/db_dependent/api/v1/advanced_editor_macros.t

tells.

I will review the tests tomorrow (too tired today). It is possible that the
permissions assignment taking place in the tests is incorrect.

I was about to write a regression test for C4::Auth for this case, and see
what's going on, but... to my dismay...  couldn't find tests...

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.