--- Comment #8 from Martin Renvoize <> ---
(In reply to Jonathan Druart from comment #6)
> Created attachment 56547 [details] [review]
> Bug 17445: Move the params check after the authentication check
> If the user is not authorised to call this route, we would prefer to
> raise a 403 instead of 400
> Note that we wanted to submit tests for this change but the city code
> does not let use do that (we are allowed to list/show cities even
> without any permissions). The patrons.t is not complete enought and the
> holds.t tests do not pass...
> Tomas plans to submit tests but we reach the end of the hackfest ;)

Also agree with this change.. it didn't even occur to me to think about error
code presidency in this case.. 

Generically I think you tend to just work backwards down the error codes, so
your checking for a 403 failure before a more generic 400 is perfect in this

Good spot! :)

You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
Koha-bugs mailing list
website :
git :
bugs :

Reply via email to