Privileged routes need permissions defined. This patch adds the minimum
required permission until there are article request-specific permissions
in Koha: circulate: circulate_remaining_permissions
It is also clarified that interacting with an article request from
another patron, but having your own patron_id in the path would return
404 instead of 403, as technically the resource (an article request from
the patron, identified.by the supplied id) doesn't exist.
Tests are tweaked.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>