Commit graph

3 commits

Author SHA1 Message Date
9c4a1b19aa Bug 27947: (QA follow-up) Clarify permissions
Privileged routes need permissions defined. This patch adds the minimum
required permission until there are article request-specific permissions
in Koha: circulate: circulate_remaining_permissions

It is also clarified that interacting with an article request  from
another patron, but having your own patron_id in the path would return
404 instead of 403, as technically the resource (an article request from
the patron, identified.by the supplied id) doesn't exist.

Tests are tweaked.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-06 10:09:25 +02:00
77506a474a Bug 27947: (QA follow-up) Update test to highlight issue
This addition to the tests highlights a permissions/security check
error.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-06 10:09:25 +02:00
b9b4cee4e9 Bug 27947: Add regression tests for routes
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-10-06 10:09:25 +02:00