Browse Source
Privileged routes need permissions defined. This patch adds the minimum required permission until there are article request-specific permissions in Koha: circulate: circulate_remaining_permissions It is also clarified that interacting with an article request from another patron, but having your own patron_id in the path would return 404 instead of 403, as technically the resource (an article request from the patron, identified.by the supplied id) doesn't exist. Tests are tweaked. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>21.11/bug30761
3 changed files with 23 additions and 13 deletions
Loading…
Reference in new issue