http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13799
--- Comment #140 from Julian Maurice <[email protected]> --- The 'borrowers' permission is required for both /borrowers and /borrowers/XXXX except if XXXX is the borrowernumber of the loggedinuser Test plan for authentication: 1/ Log in to staff interface with a borrower that have 'borrowers' permission 2/ Go to http://INTRANET/api/v1/borrowers and http://INTRANET/api/v1/borrowers/XXXX (where XXXX is a valid borrowernumber). You should see borrowers data 3/ Remove the 'borrowers' permission 4/ Go to http://INTRANET/api/v1/borrowers. You should see an error (and HTTP code 403) 5/ Go to http://INTRANET/api/v1/borrowers/XXXX (where XXXX is a valid borrowernumber different from the logged-in user's borrowernumber). You should see an error (and HTTP code 403) 6/ Go to http://INTRANET/api/v1/borrowers/XXXX (where XXXX is the logged-in user's borrowernumber). You should see borrower's data. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
