[Koha-bugs] [Bug 28157] Add the ability to set a library from which an API request pretends to come from
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Apr 22 15:37:13 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28157
--- Comment #13 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
(In reply to David Cook from comment #11)
> I do not understand this at all. In terms of AuthN and AuthZ, you'd want to
> use the user, so the user session should determine the library...
>
> Why include the library in the route? I think that I must be missing
> something here.
Because... with a non-api login you have a cookie with context.. that context
include a library for your current session.. it may, or may not match the users
homebranch. (You can switch library after all.. assuming you've not set
independent branches).
In the API, we don't have such a context.. the user may be at their
homebranch.. or they may be elsewhere.. so we need some way of conveying that
the the API for routes that require that data.
Tomas and I discussed is and agreed that long term.. API v2 long term.. we
should actually move any routes that require such context under
/libraries/library_id/whatever/action.. but that's a big change, so for v1 to
get the functionality we opted to add an optional header for it.. which
defaults to the users homebranch if not passed.
Hope that helps clarify David.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list