https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24609
--- Comment #10 from Tomás Cohen Arazi <[email protected]> ---

Hi, I'm sorry for the delay to comment on this one.

As a general comment, our (current) controller/permissions logic doesn't allow specifying complex conditions. We only check for permissions/ownership before we reach the controller. [1]

So the general rule is that any syspref check or combination of permissions+sysprefs (that can be found in many places in our codebase/templates) should be done either in a high level method (ModIssue?) or the controller itself (e.g. that's why we stash the current user, accessible through $c->stash('koha.user'), so we can ask further questions about it). Any authentication method stashes the user for that purpose.

That said, changing the date due on a checkout might be something worth having a method in Koha::Checkout->update_due_date so any logic is encapsulated there and, more importantly, the method can be used in other places.

Speaking of the current endpoint, we've been observant of the current implementations on the UI to catch all the conditions and prevent misuses of endpoints. This doesn't mean there were no mistakes, but speaking for my contributions, I usually look at the .pl, the .tt and try to put all that logic on the endpoint.

[1] And I'm not sure we should add such a thing to our project as the API hasn't been a target for the refactorings specifically, and so moving existing logic into a (cool) new high level config layer on the spec would mean maintaining two codebases right now.
