--- Comment #2 from Lari Taskula <> ---
Created attachment 56257
Bug 17424: REST API: Preference to control access to own objects without

This patch adds a new system preference AccessOwnObjectsInAPI which controls
accessibility for OPAC-like REST API operations for patron's without otherwise
required permissions.

To test:
1. Apply this patch and set AccessOwnObjectsInAPI to "Enabled"
2. Test REST API operations that allow access to own objects. They should work
   as before. E.g. try to GET /api/v1/patrons/XXX where XXX is your
   (you need a valid CGISESSID, so login first, but make sure you don't have
3. Disable AccessOwnObjectsInAPI
4. Observe that you no longer have access. You should be given an appropriate
   error message for what happened.
5. Run t/db_dependent/api/v1/swagger/ownership.t and also other REST tests.

You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
Koha-bugs mailing list
website :
git :
bugs :

Reply via email to