https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27358
Martin Renvoize <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #114935|0 |1 is obsolete| | --- Comment #11 from Martin Renvoize <[email protected]> --- Created attachment 116187 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=116187&action=edit Bug 27358: Add a generic way to handle API privileged access attributes deny-list This patch introduces a way for Koha::Object(s)->to_api to filter out attributes that require privileged access. It is done in a way that the 'public' parameter is recursively passed to nested objects in recursive to_api() calls. This way, Koha::Object-based classes can determine how they will render depending on this parameter. For example, for implementing a route for fetching an item looks like: GET /items The controller will look like: my $item = Koha::Items->find( $c->validation->param('item_id') ); return $c->render( status => 200, openapi => $item->to_api ); Implementing an unprivileged (public) route would look like: GET /public/items/:item_id The controller will look like: my $item = Koha::Items->find( $c->validation->param('item_id') ); return $c->render( status => 200, openapi => $item->to_api({ public => 1 }) ); To test: 1. Apply this patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/Object*.t => SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour passes the tests) 3. Sign off :-D Signed-off-by: Martin Renvoize <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
