From 8d0c44578524dc2bd7b380dac56a53382b5aca7e Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 14 May 2020 19:09:04 -0300 Subject: [PATCH] Bug 25411: Add special handling for public plugin routes This patch implements the required logic in the API code so plugins are not affected by the new RESTPublicAnonymousRequests system preference. It is up to the plugin develpers to handle this To test: 1. Apply the tests patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/REST/Plugin/PluginRoutes.t => FAIL: Notice the tests fail 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! Yay! Not bad for a friday evening! 5. Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Jonathan Druart Signed-off-by: Martin Renvoize --- Koha/REST/V1/Auth.pm | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index b34397b587..481b081010 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -63,7 +63,17 @@ sub under { # /api/v1/{namespace} my $namespace = $c->req->url->to_abs->path->[2] // ''; - my $is_public = ($namespace eq 'public') ? 1 : 0; + + my $is_public = 0; # By default routes are not public + my $is_plugin = 0; + + if ( $namespace eq 'public' ) { + $is_public = 1; + } + + if ( $namespace eq 'contrib' ) { + $is_plugin = 1; + } if ( $is_public and !C4::Context->preference('RESTPublicAPI') ) @@ -80,7 +90,7 @@ sub under { $status = 1; } else { - $status = authenticate_api_request($c, { is_public => $is_public }); + $status = authenticate_api_request($c, { is_public => $is_public, is_plugin => $is_plugin }); } } catch { @@ -242,7 +252,7 @@ sub authenticate_api_request { if ( !$authorization and ( $params->{is_public} and ( C4::Context->preference('RESTPublicAnonymousRequests') or - $user) ) ) { + $user) ) or $params->{is_plugin} ) { # We do not need any authorization # Check the parameters validate_query_parameters( $c, $spec ); -- 2.39.5