https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868
--- Comment #42 from Jonathan Druart <[email protected]> --- Comment on attachment 54895 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54895 Bug 14868: Give users possibility to request their own object Review of attachment 54895: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=14868&attachment=54895) ----------------------------------------------------------------- ::: Koha/REST/V1.pm @@ +203,5 @@ > + > +sub _object_ownership_by_borrowernumber { > + my ($c, $user, $borrowernumber) = @_; > + > + return $user->borrowernumber == $borrowernumber; I think it's not that easy. For instance at the OPAC, a patron is not allowed to update his own details, it will need to be approved by a staff member. Using the REST API he will be able to bypass the approval. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
