Tomas Cohen Arazi
9c4a1b19aa
Privileged routes need permissions defined. This patch adds the minimum required permission until there are article request-specific permissions in Koha: circulate: circulate_remaining_permissions It is also clarified that interacting with an article request from another patron, but having your own patron_id in the path would return 404 instead of 403, as technically the resource (an article request from the patron, identified by the supplied id) doesn't exist. Tests are tweaked. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
||
---|---|---|
acquisitions_funds.t | ||
acquisitions_orders.t | ||
acquisitions_vendors.t | ||
advanced_editor_macros.t | ||
article_requests.t | ||
auth.t | ||
auth_authenticate_api_request.t | ||
auth_basic.t | ||
biblios.t | ||
cashups.t | ||
checkouts.t | ||
cities.t | ||
clubs_holds.t | ||
holds.t | ||
illrequests.t | ||
import_batch_profiles.t | ||
items.t | ||
libraries.t | ||
oauth.t | ||
patrons.t | ||
patrons_accounts.t | ||
patrons_extended_attributes.t | ||
patrons_holds.t | ||
patrons_password.t | ||
return_claims.t | ||
smtp_servers.t | ||
stockrotationstage.t | ||
transfer_limits.t |