[koha-commits] main Koha release repository branch master updated. v16.05.00-569-g0646478

Git repo owner gitmaster at git.koha-community.org
Fri Sep 2 15:25:59 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  0646478be01a63fa0b6dc666f23a915ceefd5619 (commit)
       via  f2da856d754119ee40014f4b83c046e5dc4ce5a0 (commit)
       via  1fc17eacc5418a3dcde25aa45d82adb825034fad (commit)
       via  985265c0be182342374f50d95493ec3d50bdd5e0 (commit)
       via  00a50a9400fd606fdaed59574d0ae5bdf8fe3f2a (commit)
       via  cac40ca7027f9701d4f820481c3b1a577ca3eb61 (commit)
       via  ac1286dacdf92239ee91bf7932356adca7c486d2 (commit)
      from  49df1cc10f45c1e7d9b15808a302df2a67dbb876 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0646478be01a63fa0b6dc666f23a915ceefd5619
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date:   Fri Sep 2 12:25:59 2016 +0000

    Bug 14868 - Update swagger.min.json
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit f2da856d754119ee40014f4b83c046e5dc4ce5a0
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Aug 31 20:21:12 2016 -0300

    Bug 14868: (QA followup) POD fixes
    
    To make the QA scripts happy, the POD needed a fix, and also
    keys applied to a hashref needs to be avoided.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 1fc17eacc5418a3dcde25aa45d82adb825034fad
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Aug 31 20:11:05 2016 -0300

    Bug 14868: (QA followup) Change permission check order
    
    This patch changes the permission check order because haspermission
    is the smaller check, and going through the patron/user and its guaranteed
    before checking if it is (say) a staff member or even a superlibrarian doesn't
    seem right.
    
    Bonus: Remove unneeded C4::Auth import in Patron.pm
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 985265c0be182342374f50d95493ec3d50bdd5e0
Author: Lari Taskula <larit at student.uef.fi>
Date:   Tue Aug 23 15:38:44 2016 +0300

    Bug 14868: Display required permissions in permission error response
    
    When user does not have required permissions to use API operation, it would be
    useful to let them know which permissions he is missing. Since they are now
    defined in Swagger, we can easily render them into the response.
    
    To test:
    1. Use a patron without any permissions
    2. Make GET request to http://yourlib/api/v1/patrons
    3. Observe permission error and see that required_permissions are displayed.
    4. Run t/db_dependent/api/v1/patrons.t
    
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 00a50a9400fd606fdaed59574d0ae5bdf8fe3f2a
Author: Lari Taskula <larit at student.uef.fi>
Date:   Thu Aug 11 14:45:16 2016 +0300

    Bug 14868: Use x-koha-authorization in current routes
    
    To test:
    1. Run t/db_dependent/api/v1/holds.t
    2. Run t/db_dependent/api/v1/patrons.t
    
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit cac40ca7027f9701d4f820481c3b1a577ca3eb61
Author: Lari Taskula <larit at student.uef.fi>
Date:   Fri Jun 17 11:43:52 2016 +0300

    Bug 14868: Give users possibility to request their own object
    
    Allow access to user's own objects even if they do not have required permissions.
    This will be very useful in many cases where an user wants to request their own
    object, for example renewing their checkouts or placing a hold for themselves.
    
    First, this patch renames "x-koha-permission" to "x-koha-authorization" in order
    to describe the new functionality better.
    
    Second, we can now add two extra parameters under "x-koha-authorization":
    - "allow-owner"; Allows the owner of object to access it (without permission)
    - "allow-guarantor"; Allows guarantor of the owner of object to access it
                         (without permission)
    
    Third, since permission checking is outside of actual controller, we need a way
    to find out ownership from different types of parameters, e.g. checkout_id from
    /checkouts/{checkout_id}, borrowernumber from /patrons/{borrowernumber} etc.
    A solution is to match the parameter with a subroutine that is designed to verify
    the ownership for that object. See the new subroutines in Koha::REST::V1.
    
    To use this functionality you will simply define it in Swagger:
    "/patrons/{borrowernumber}": {
      "get": {
        ...,
        "x-koha-authorization": {
          "allow-owner": true,
          "permissions": {
            "borrowers": "1"
          }
        }
      }
    }
    
    If a parameter that is not yet defined in Koha::REST::V1::check_object_ownership,
    you also need to define it and implement a subroutine that determines ownership.
    
    Tests are provided in a following patch that adds this functionality for current
    API operations.
    
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit ac1286dacdf92239ee91bf7932356adca7c486d2
Author: Olli-Antti Kivilahti <olli-antti.kivilahti at jns.fi>
Date:   Mon Sep 14 15:20:20 2015 +0300

    Bug 14868: Swagger2-driven Permission checking
    
    Define 'x-koha-permission' for the Swagger2 Operation Object, to automatically
    authorize against the required permissions.
    
    This way we immediately tell the API consumer in the Swagger2-definition, which
    permissions are needed to access defined resources.
    Also we don't need to maintain permissions in multiple locations and we can build
    a smart testing framework to help a lot in creating tests for the new REST API.
    
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 Koha/REST/V1.pm                   |  238 ++++++++++++++++++++++++++++---
 Koha/REST/V1/Patron.pm            |   11 --
 api/v1/swagger/paths/holds.json   |   25 ++++
 api/v1/swagger/paths/patrons.json |   12 ++
 api/v1/swagger/swagger.json       |    1 +
 api/v1/swagger/swagger.min.json   |    2 +-
 t/db_dependent/api/v1/holds.t     |  280 +++++++++++++++++++++++++++++--------
 t/db_dependent/api/v1/patrons.t   |   58 +++++++-
 8 files changed, 527 insertions(+), 100 deletions(-)


hooks/post-receive
-- 
main Koha release repository


More information about the koha-commits mailing list