https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479
Bug ID: 17479
Summary: REST API: Save information on owner access
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Web services
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
to GET your own patron information
In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.
Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.
Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.
Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
