[koha-commits] main Koha release repository branch master updated. v16.05.00-569-g0646478
Git repo owner
gitmaster at git.koha-community.org
Fri Sep 2 15:25:59 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via 0646478be01a63fa0b6dc666f23a915ceefd5619 (commit)
via f2da856d754119ee40014f4b83c046e5dc4ce5a0 (commit)
via 1fc17eacc5418a3dcde25aa45d82adb825034fad (commit)
via 985265c0be182342374f50d95493ec3d50bdd5e0 (commit)
via 00a50a9400fd606fdaed59574d0ae5bdf8fe3f2a (commit)
via cac40ca7027f9701d4f820481c3b1a577ca3eb61 (commit)
via ac1286dacdf92239ee91bf7932356adca7c486d2 (commit)
from 49df1cc10f45c1e7d9b15808a302df2a67dbb876 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0646478be01a63fa0b6dc666f23a915ceefd5619
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date: Fri Sep 2 12:25:59 2016 +0000
Bug 14868 - Update swagger.min.json
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit f2da856d754119ee40014f4b83c046e5dc4ce5a0
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date: Wed Aug 31 20:21:12 2016 -0300
Bug 14868: (QA followup) POD fixes
To make the QA scripts happy, the POD needed a fix, and also
keys applied to a hashref needs to be avoided.
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 1fc17eacc5418a3dcde25aa45d82adb825034fad
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date: Wed Aug 31 20:11:05 2016 -0300
Bug 14868: (QA followup) Change permission check order
This patch changes the permission check order because haspermission
is the smaller check, and going through the patron/user and its guaranteed
before checking if it is (say) a staff member or even a superlibrarian doesn't
seem right.
Bonus: Remove unneeded C4::Auth import in Patron.pm
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 985265c0be182342374f50d95493ec3d50bdd5e0
Author: Lari Taskula <larit at student.uef.fi>
Date: Tue Aug 23 15:38:44 2016 +0300
Bug 14868: Display required permissions in permission error response
When user does not have required permissions to use API operation, it would be
useful to let them know which permissions he is missing. Since they are now
defined in Swagger, we can easily render them into the response.
To test:
1. Use a patron without any permissions
2. Make GET request to http://yourlib/api/v1/patrons
3. Observe permission error and see that required_permissions are displayed.
4. Run t/db_dependent/api/v1/patrons.t
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 00a50a9400fd606fdaed59574d0ae5bdf8fe3f2a
Author: Lari Taskula <larit at student.uef.fi>
Date: Thu Aug 11 14:45:16 2016 +0300
Bug 14868: Use x-koha-authorization in current routes
To test:
1. Run t/db_dependent/api/v1/holds.t
2. Run t/db_dependent/api/v1/patrons.t
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit cac40ca7027f9701d4f820481c3b1a577ca3eb61
Author: Lari Taskula <larit at student.uef.fi>
Date: Fri Jun 17 11:43:52 2016 +0300
Bug 14868: Give users possibility to request their own object
Allow access to user's own objects even if they do not have required permissions.
This will be very useful in many cases where an user wants to request their own
object, for example renewing their checkouts or placing a hold for themselves.
First, this patch renames "x-koha-permission" to "x-koha-authorization" in order
to describe the new functionality better.
Second, we can now add two extra parameters under "x-koha-authorization":
- "allow-owner"; Allows the owner of object to access it (without permission)
- "allow-guarantor"; Allows guarantor of the owner of object to access it
(without permission)
Third, since permission checking is outside of actual controller, we need a way
to find out ownership from different types of parameters, e.g. checkout_id from
/checkouts/{checkout_id}, borrowernumber from /patrons/{borrowernumber} etc.
A solution is to match the parameter with a subroutine that is designed to verify
the ownership for that object. See the new subroutines in Koha::REST::V1.
To use this functionality you will simply define it in Swagger:
"/patrons/{borrowernumber}": {
"get": {
...,
"x-koha-authorization": {
"allow-owner": true,
"permissions": {
"borrowers": "1"
}
}
}
}
If a parameter that is not yet defined in Koha::REST::V1::check_object_ownership,
you also need to define it and implement a subroutine that determines ownership.
Tests are provided in a following patch that adds this functionality for current
API operations.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit ac1286dacdf92239ee91bf7932356adca7c486d2
Author: Olli-Antti Kivilahti <olli-antti.kivilahti at jns.fi>
Date: Mon Sep 14 15:20:20 2015 +0300
Bug 14868: Swagger2-driven Permission checking
Define 'x-koha-permission' for the Swagger2 Operation Object, to automatically
authorize against the required permissions.
This way we immediately tell the API consumer in the Swagger2-definition, which
permissions are needed to access defined resources.
Also we don't need to maintain permissions in multiple locations and we can build
a smart testing framework to help a lot in creating tests for the new REST API.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth at kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
Koha/REST/V1.pm | 238 ++++++++++++++++++++++++++++---
Koha/REST/V1/Patron.pm | 11 --
api/v1/swagger/paths/holds.json | 25 ++++
api/v1/swagger/paths/patrons.json | 12 ++
api/v1/swagger/swagger.json | 1 +
api/v1/swagger/swagger.min.json | 2 +-
t/db_dependent/api/v1/holds.t | 280 +++++++++++++++++++++++++++++--------
t/db_dependent/api/v1/patrons.t | 58 +++++++-
8 files changed, 527 insertions(+), 100 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list