Tomas Cohen Arazi
ee2931a7b0
This patch adds a check in Koha::REST::V1::Auth::under to catch all routes that begin with 'public' (inside /api/v1). If they match, and the RESTPublicAPI syspref is off, then an exception is thrown, rendering a 403 error to the consumer. Otherwise the routes are processed as usual. This is THE on/off switch for the public REST API. The target use case: people not wanting an OPAC or public interaction with the API besides privileged users. In order to test, the rest of the patches are needed because the only way to test a route is having it in the spec. To test: - Apply the patches - Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => SUCCESS: tests pass! - Sign off :-D Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> |
||
|---|---|---|
| .. | ||
| acquisitions_vendors.t | ||
| auth.t | ||
| auth_authenticate_api_request.t | ||
| cities.t | ||
| holds.t | ||
| illrequests.t | ||
| oauth.t | ||
| patrons.t | ||
| patrons_accounts.t | ||
| patrons_password.t | ||
| stockrotationstage.t | ||