https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38446
--- Comment #20 from Tomás Cohen Arazi (tcohen) <[email protected]> --- * I don't agree with making ERM permission grant full access to resources they shouldn't have access to. * Adding a scoped endpoint (/additional_fields/erm or /addtional_fields/erm/:type should be very 'cheap' and quick to implement and would allow us to specify permissions at the spec level. The controller method could (probably) be reused in other cases and or really thin and simple to maintain. * If we start adding checks for permissions in the controller, for each use case it will become a mess pretty fast. * CRUD endpoints are not 100% suitable for this kind of things, and this is an example of this statement. We should really have some specialized endpoints for dropdowns, with simpler permissions and schemas. But this is out of the scope of this bug. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
