Tomas Cohen Arazi
8083bc2ff0
This patch removes the possibility to access the patron object identified by patron_id by the patron itself, or a guarantor. It does so by removing the permissions from the spec. The tests are adjusted to remove that use case. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => SUCCESS: Tests pass! - Sign off :-D Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> |
||
---|---|---|
.. | ||
acquisitions_vendors.t | ||
auth.t | ||
auth_authenticate_api_request.t | ||
auth_basic.t | ||
cities.t | ||
holds.t | ||
illrequests.t | ||
libraries.t | ||
oauth.t | ||
patrons.t | ||
patrons_accounts.t | ||
patrons_password.t | ||
stockrotationstage.t |