Turns out that we rely heavily on the side effect that passing undef
to haspermission would always return true no matter what permissions
or lack of permissions you had.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Before bug 22031 the haspermission subroutine signature allowed for
passing 'undef' to mean 'any permission' in $flagsrequired. This feels
like a mistake and was only in practical use in two places in the
codebase.
This patch explicitly forbids this practice (`*` may be used to the same
result and is more explicit in it's nature) and replaces the two
instances of it's use.
Test Plan
1. Before this patch, the API tests are all failing with authentication
errors
2. After this patch the API tests should now all pass.
3. t/db_dependent/Auth/haspermission.t should continue to pass (with one
addition subtest added herin)
3. /svc/members/search is not unit tested. Please check that patron
searching still yields results in the UI after this patch.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds an SQL::Abstract inspired query syntax to the
haspermission method in C4::Auth. One can now pass Arrayrefs to denote
an OR list of flags, a Hashref to denote a AND list of flags.
Structures can be nested at arbitrary depth.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
Run this new test.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
All tests successful. koha-qa.pl run OK.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
