https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868
--- Comment #27 from Lari Taskula <[email protected]> --- The patches went through heavy rebasing (now on top of master) and modifications. These patches fix wrong error messages, extend "allow-owner" functionality to be able to find out object owner from any parameter (not just borrowernumber like before), adds "allow-guarantor" that works similar to "allow-owner" but checks access for guarantor of the owner of the object instead, and adds some more tests that cover these changes. Meanwhile I also squashed "Rename 'x-koha-permission' to 'x-koha-authorization'" into "Give users possibility to request their own object". Because of heavy changes, I had to remove the sign-offs and would now be very interested to hear comments especially on the solution to find out object ownership from any parameter, and of course suggestions for a better solution if someone can come up with one. I think it's very useful to be able to define permissions in Swagger because it is now documented in your specification, and also permission checking is centralized into one place instead of duplicating it for nearly every operation in each controller. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
