https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17445
--- Comment #8 from Martin Renvoize <[email protected]> --- (In reply to Jonathan Druart from comment #6) > Created attachment 56547 [details] [review] > Bug 17445: Move the params check after the authentication check > > If the user is not authorised to call this route, we would prefer to > raise a 403 instead of 400 > > Note that we wanted to submit tests for this change but the city code > does not let use do that (we are allowed to list/show cities even > without any permissions). The patrons.t is not complete enought and the > holds.t tests do not pass... > > Tomas plans to submit tests but we reach the end of the hackfest ;) Also agree with this change.. it didn't even occur to me to think about error code presidency in this case.. Generically I think you tend to just work backwards down the error codes, so your checking for a 403 failure before a more generic 400 is perfect in this case. Good spot! :) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
