[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2020-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

   Assignee|lari.task...@hypernova.fi |koha-b...@lists.koha-community.org

--- Comment #13 from Lari Taskula  ---
I'm no longer able to work on this, so I'm setting assignee to default. Feel
free to continue this work.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2018-10-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Michal Denar  changed:

   What|Removed |Added

 CC||blac...@gmail.com



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-10-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479
Bug 17479 depends on bug 18137, which changed state.

Bug 18137 Summary: REST API: Migrate from Mojolicious::Plugin::Swagger2 to 
Mojolicious::Plugin::OpenAPI
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18137

   What|Removed |Added

 Status|Pushed to Master|RESOLVED
 Resolution|--- |FIXED



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-09-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Jonathan Druart  changed:

   What|Removed |Added

   Component|Web services |REST api
   CC| |jonathan.dru...@bugs.koha-community.org
   QA Contact|testo...@bugs.koha-community.org |



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-06-14 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Josef Moravec  changed:

   What|Removed |Added

 Status|Needs Signoff   |Failed QA
 CC||josef.mora...@gmail.com

--- Comment #12 from Josef Moravec  ---
The test is failing:

t/db_dependent/api/v1/ownerflag.t .. 
#   Failed test 'exact match for JSON Pointer "/error"'
#   at t/db_dependent/api/v1/ownerflag.t line 61.
#  got: 'librarian_access'
# expected: 'is_owner_access'
# Looks like you failed 1 test of 3.
t/db_dependent/api/v1/ownerflag.t .. 1/3 
#   Failed test 'without permission, owner of object tests'
#   at t/db_dependent/api/v1/ownerflag.t line 64.

#   Failed test 'exact match for JSON Pointer "/error"'
#   at t/db_dependent/api/v1/ownerflag.t line 73.
#  got: 'librarian_access'
# expected: 'is_guarantor_access'
# Looks like you failed 1 test of 3.

#   Failed test 'without permissions, guarantor of the owner of the object
tests'
#   at t/db_dependent/api/v1/ownerflag.t line 76.
# Looks like you failed 2 tests of 3.
t/db_dependent/api/v1/ownerflag.t .. Dubious, test returned 2 (wstat 512,
0x200)
Failed 2/3 subtests 

Test Summary Report
---
t/db_dependent/api/v1/ownerflag.t (Wstat: 512 Tests: 3 Failed: 2)
  Failed tests:  1-2
  Non-zero exit status: 2
Files=1, Tests=3,  2 wallclock secs ( 0.02 usr  0.00 sys +  1.19 cusr  0.20
csys =  1.41 CPU)
Result: FAIL



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #11 from Lari Taskula  ---
(In reply to Jiri Kozlovsky from comment #10)
> Lari, what do you think about storing owned object also?
> 
> I think sparing one DB request for each owner / guarantor request is a good
> step forward.

True. I don't see why we should not also stash the owned object. Feel free to
provide a follow-up :)



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #10 from Jiri Kozlovsky  ---
Lari, what do you think about storing owned object also?

I think sparing one DB request for each owner / guarantor request is a good
step forward.



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

 Status|Signed Off  |Needs Signoff



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #9 from Lari Taskula  ---
Rebased on top of Bug 18137. To test, first apply Bug 18137, then this one, and
run tests. Removed sign-offs as the test file was heavily rewritten.



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

 Depends on||18137


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18137
[Bug 18137] REST API: Migrate from Mojolicious::Plugin::Swagger2 to
Mojolicious::Plugin::OpenAPI


[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

   Attachment #57286 is obsolete|0 |1

--- Comment #8 from Lari Taskula  ---
Created attachment 61174
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=61174=edit
Bug 17479: Store information on owner access into $c->stash

There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
  to GET your own patron information

In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.

Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.

Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.

Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.

To test:
1. Apply patch
2. Run t/db_dependent/api/v1/ownerflag.t
3. Observe it pass



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #7 from Marcel de Rooy  ---
(In reply to Lari Taskula from comment #6)
> In Mojolicious, the stash, which we use for this flag, is a non-persistent
> storage only for the current request. So it will be cleared for the
> following requests and then set again.

OK I suspected that. Although clearing it in the else still seems safe..



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #6 from Lari Taskula  ---
In Mojolicious, the stash, which we use for this flag, is a non-persistent
storage only for the current request. So it will be cleared for the following
requests and then set again.


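The approach from the commit message, together with the stash-lifetime point made in comment #6, as an added example that is not Koha's patch or code. The route, the `X-Demo-User` header, the permission table and the `access` response key are assumptions made for illustration; only the idea of setting a flag in `$c->stash` on ownership access comes from the bug.

```perl
#!/usr/bin/env perl
use Mojolicious::Lite;
use Test::More;
use Test::Mojo;

# Constructed data: users holding the (hypothetical) staff permission.
my %HAS_PERMISSION = ( librarian => 1 );

# Authorization step, run before the routes nested below it. It stands in for
# the check the commit message places in Koha/REST/V1.pm. Trusting a request
# header for identity is a demo shortcut, not an authentication scheme.
under '/patrons/:patron_id' => sub {
    my $c    = shift;
    my $user = $c->req->headers->header('X-Demo-User') // '';

    # 1. Permission-based access: the flag stays unset.
    return 1 if $HAS_PERMISSION{$user};

    # 2. Ownership-based access: record why access was granted.
    if ( $user ne '' && $user eq $c->param('patron_id') ) {
        $c->stash( is_owner_access => 1 );
        return 1;
    }

    # 3. Neither: stop the dispatch chain.
    $c->render( json => { error => 'forbidden' }, status => 403 );
    return undef;
};

# Controller: reads the flag instead of repeating the permission check.
get '/' => sub {
    my $c    = shift;
    my $mode = $c->stash('is_owner_access') ? 'is_owner_access' : 'librarian_access';
    $c->render( json => { access => $mode } );
};

my $t = Test::Mojo->new;

# Owner without permission: the flag is set for this request.
$t->get_ok( '/patrons/42' => { 'X-Demo-User' => '42' } )
  ->status_is(200)->json_is( '/access' => 'is_owner_access' );

# Next request, permission holder on the same object: the stash is new for
# each request, so the flag set above is not visible here.
$t->get_ok( '/patrons/42' => { 'X-Demo-User' => 'librarian' } )
  ->status_is(200)->json_is( '/access' => 'librarian_access' );

# Neither permission nor ownership: rejected before the controller runs.
$t->get_ok( '/patrons/42' => { 'X-Demo-User' => '7' } )->status_is(403);

done_testing;
```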

[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2017-03-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Marcel de Rooy  changed:

   What|Removed |Added

 CC||m.de.r...@rijksmuseum.nl

--- Comment #5 from Marcel de Rooy  ---
Just a dumb [hypothetical] question, since I am not that deep into Mojolicious
etc.
You only set the flag; you do not clear the flag.
How do you make sure that setting this owner flag is not misused/abused later
on? Is it possible that it is still on thru persistence?
I could imagine that you would clear this flag in the else branch of the
haspermission if?



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-12-11 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Jiri Kozlovsky  changed:

   What|Removed |Added

 CC||m...@jkozlovsky.cz

--- Comment #4 from Jiri Kozlovsky  ---
I like this flag approach! How about also adding the owned object to the stash?
It is very common to perform a duplicate search for that object (you may need
some arbitrary column from it or to check if something has changed, etc.)

Now you create a DB query when checking for ownership and then the same query
when the object itself is required from within the controller.

After this is implemented, there would always be only one DB query for the owned
object. In the controller then, it'd be called $c->stash('owned_object').



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-11-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Josef Moravec  changed:

   What|Removed |Added

   Attachment #57256 is obsolete|0 |1

--- Comment #3 from Josef Moravec  ---
Created attachment 57286
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=57286=edit
[SIGNED-OFF] Bug 17479: Store information on owner access into $c->stash

There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
  to GET your own patron information

In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.

Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.

Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.

Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.

To test:
1. Apply patch
2. Run t/db_dependent/api/v1/ownerflag.t
3. Observe it pass

Signed-off-by: Josef Moravec 



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-11-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Josef Moravec  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-11-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

   Attachment #56720 is obsolete|0 |1

--- Comment #2 from Lari Taskula  ---
Created attachment 57256
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=57256=edit
Bug 17479: Store information on owner access into $c->stash

There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
  to GET your own patron information

In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.

Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.

Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.

Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.

To test:
1. Apply patch
2. Run t/db_dependent/api/v1/ownerflag.t
3. Observe it pass



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-11-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

 Blocks||17565


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17565
[Bug 17565] REST API: Let user cancel reserve according to
CanReserveBeCanceledFromOpac


[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-10-21 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

--- Comment #1 from Lari Taskula  ---
Created attachment 56720
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56720=edit
Bug 17479: Store information on owner access into $c->stash

There are two ways of accessing a resource via REST API; either:
- you have the required permission
- you do not have the permission but you are owner of the object, e.g. you want
  to GET your own patron information

In many cases we want to perform additional operations if the user is accessing
his own object. Usually this additional operation is checking a system
preference.

Example: Patron wants to update his own patron information via REST API. We
have to check OPACPatronDetails system preference for this. If it is on, we
should forward the changes for approval from a librarian.

Currently, in controller, we can check this opac-like access by checking that
the user does not have permissions and that the patron he is accessing is
himself. This would require another haspermission() call.

Instead, we could set a flag into $c->stash in Koha/REST/V1.pm in the case of
ownership access. After this, in controller, we only need to check $c->stash
for this flag.

To test:
1. Apply patch
2. Run t/db_dependent/api/v1/ownerflag.t
3. Observe it pass



[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-10-21 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

   Patch complexity|--- |Small patch
 Depends on||14868
 Status|NEW |Needs Signoff


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14868
[Bug 14868] REST API: Swagger2-driven permission checking


[Koha-bugs] [Bug 17479] REST API: Save information on owner access

2016-10-21 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17479

Lari Taskula  changed:

   What|Removed |Added

   Assignee|koha-b...@lists.koha-community.org |lari.task...@jns.fi
