Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/api/v1/swagger/paths
History
Tomas Cohen Arazi 8083bc2ff0 Bug 22216: Make GET /patrons/{patron_id} staff only 
This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.

It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-22 13:15:11 +00:00
..
acquisitions_vendors.json Bug 18120: (QA followup) 'vendors_manage' permission fits better than full acq 2017-09-29 17:13:13 -03:00
cities.json Bug 22227: Make GET /cities staff only 2019-02-15 18:42:46 +00:00
holds.json Bug 19784: Remove reference to 'borrowernumber' param from other endpoints 2018-03-29 11:42:08 -03:00
illrequests.json Bug 20600: (follow-up) Fix API spec 2019-02-19 16:36:43 +00:00
libraries.json Bug 16497: (follow-up) GET operations require staff access 2019-02-19 13:52:14 +00:00
oauth.json Bug 20402: Implement OAuth2 authentication for REST API 2018-05-08 15:55:42 -03:00
patrons.json Bug 22216: Make GET /patrons/{patron_id} staff only 2019-02-22 13:15:11 +00:00
patrons_account.json Bug 20944: OpenAPI spec for /patrons/{patron_id}/account/credits 2018-08-31 12:46:59 +00:00
patrons_password.json Bug 17006: OpenAPI spec 2019-01-28 15:25:39 +00:00
public_patrons.json Bug 22061: (QA follow-up) Rename password_2 => password_repeated 2019-01-28 15:45:56 +00:00
rotas.json Bug 11897: Use 'stockrotation' permission for the endpoint 2018-10-09 15:46:06 +00:00