From 11fffb70ff81a51c05378c5b89f42d43b03ea89b Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Thu, 14 May 2020 19:09:04 -0300 Subject: [PATCH] Bug 25411: Add special handling for public plugin routes This patch implements the required logic in the API code so plugins are not affected by the new RESTPublicAnonymousRequests system preference. It is up to the plugin develpers to handle this To test: 1. Apply the tests patch 2. Run: $ kshell k$ prove t/db_dependent/Koha/REST/Plugin/PluginRoutes.t => FAIL: Notice the tests fail 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! Yay! Not bad for a friday evening! 5. Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Jonathan Druart Signed-off-by: Aleisha Amohia --- Koha/REST/V1/Auth.pm | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index 36197a9068..2679a76149 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -63,7 +63,15 @@ sub under { # /api/v1/{namespace} my $namespace = $c->req->url->to_abs->path->[2] // ''; - my $is_public = ($namespace eq 'public') ? 1 : 0; + + my $is_public = 0; # By default routes are not public + my $is_plugin = 0; + + if ( $namespace eq 'public' ) { + $is_public = 1; + } elsif ( $namespace eq 'contrib' ) { + $is_plugin = 1; + } if ( $is_public and !C4::Context->preference('RESTPublicAPI') ) @@ -77,7 +85,7 @@ sub under { $status = 1; } else { - $status = authenticate_api_request($c, { is_public => $is_public }); + $status = authenticate_api_request($c, { is_public => $is_public, is_plugin => $is_plugin }); } } catch { @@ -237,7 +245,7 @@ sub authenticate_api_request { if ( !$authorization and ( $params->{is_public} and ( C4::Context->preference('RESTPublicAnonymousRequests') or - $user) ) ) { + $user) ) or $params->{is_plugin} ) { # We do not need any authorization # Check the parameters validate_query_parameters( $c, $spec ); -- 2.39.5