https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030
--- Comment #11 from Martin Renvoize (ashimema) <[email protected]> --- Created attachment 201756 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201756&action=edit Bug 43030: Point generic auth-permission tests away from /api/v1/patrons t/db_dependent/api/v1/{auth,auth_basic,oauth}.t each used GET /api/v1/patrons purely as a stand-in "some endpoint requiring a permission" to exercise generic 401/403/503 branches in authenticate_api_request. Now that this endpoint allows self-access, a permission-less patron is admitted (scoped to their own record) instead of rejected, so these generic checks now point at DELETE /api/v1/patrons/-1 instead, which still requires delete_borrowers unconditionally. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
