Browse Source

Bug 16497: (follow-up) GET operations require staff access

With the introduction of the /public namespace all other endpoints, the
rest of the endpoints are restricted to privileged users.

This patch makes the GET /libraries and GET /libraries/:library_id
endpoints require 'catalogue' permissions.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
19.05.x
Tomás Cohen Arazi 4 years ago
committed by root
parent
commit
562eaa154b
  1. 10
      api/v1/swagger/paths/libraries.json
  2. 4
      t/db_dependent/api/v1/libraries.t

10
api/v1/swagger/paths/libraries.json

@ -152,6 +152,11 @@
"$ref": "../definitions.json#/error"
}
}
},
"x-koha-authorization": {
"permissions": {
"catalogue": "1"
}
}
},
"post": {
@ -253,6 +258,11 @@
"$ref": "../definitions.json#/error"
}
}
},
"x-koha-authorization": {
"permissions": {
"catalogue": "1"
}
}
},
"put": {

4
t/db_dependent/api/v1/libraries.t

@ -48,7 +48,7 @@ subtest 'list() tests' => sub {
my $another_library = $library->unblessed; # create a copy of $library but make
delete $another_library->{branchcode}; # sure branchcode will be regenerated
$another_library = $builder->build_object({ class => 'Koha::Libraries', value => $another_library });
my ( $borrowernumber, $session_id ) = create_user_and_session( { authorized => 0 } );
my ( $borrowernumber, $session_id ) = create_user_and_session( { authorized => 1 } );
## Authorized user tests
my $count_of_libraries = Koha::Libraries->search->count;
@ -119,7 +119,7 @@ subtest 'get() tests' => sub {
my $library = $builder->build_object( { class => 'Koha::Libraries' } );
my ( $borrowernumber, $session_id ) =
create_user_and_session( { authorized => 0 } );
create_user_and_session( { authorized => 1 } );
my $tx = $t->ua->build_tx( GET => "/api/v1/libraries/" . $library->branchcode );
$tx->req->cookies( { name => 'CGISESSID', value => $session_id } );

Loading…
Cancel
Save