https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28157
--- Comment #13 from Martin Renvoize <[email protected]> --- (In reply to David Cook from comment #11) > I do not understand this at all. In terms of AuthN and AuthZ, you'd want to > use the user, so the user session should determine the library... > > Why include the library in the route? I think that I must be missing > something here. Because... with a non-api login you have a cookie with context.. that context include a library for your current session.. it may, or may not match the users homebranch. (You can switch library after all.. assuming you've not set independent branches). In the API, we don't have such a context.. the user may be at their homebranch.. or they may be elsewhere.. so we need some way of conveying that the the API for routes that require that data. Tomas and I discussed is and agreed that long term.. API v2 long term.. we should actually move any routes that require such context under /libraries/library_id/whatever/action.. but that's a big change, so for v1 to get the functionality we opted to add an optional header for it.. which defaults to the users homebranch if not passed. Hope that helps clarify David. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
