]> git.koha-community.org Git - koha.git/commit
Bug 28948: Add a generic way to handle API privileged access attributes deny-list
authorTomas Cohen Arazi <tomascohen@theke.io>
Wed, 6 Jan 2021 19:16:01 +0000 (16:16 -0300)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 28 Oct 2021 15:32:34 +0000 (17:32 +0200)
commitf6c2147ec755e61266b114a9399c799240223d2b
tree677220faeca40b379c857ec103c434b64c4f4046
parente68f71534006d8039911bb5244a5ce94550601a8
Bug 28948: Add a generic way to handle API privileged access attributes deny-list

This patch introduces a way for Koha::Object(s)->to_api to filter out
attributes that require privileged access. It is done in a way that the
'public' parameter is recursively passed to nested objects in recursive
to_api() calls.

This way, Koha::Object-based classes can determine how they will render
depending on this parameter. For example, for implementing a
route for fetching an library looks like:

GET /libraries

The controller will look like:

my $library = Koha::Libraries->find( $c->validation->param('library_id') );
return $c->render(
    status  => 200,
    openapi => $library->to_api
);

Implementing an unprivileged (public) route would look like:

GET /public/libraries/:library_id

The controller will look like:

my $library = Koha::Libraries->find( $c->validation->param('library_id') );
return $c->render(
    status  => 200,
    openapi => $library->to_api({ public => 1  })
);

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/Object*.t
=> SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour
        passes the tests)
3. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Koha/Library.pm
Koha/Object.pm
t/db_dependent/Koha/Object.t
t/db_dependent/Koha/Objects.t