From 1fc17eacc5418a3dcde25aa45d82adb825034fad Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Wed, 31 Aug 2016 20:11:05 -0300
Subject: [PATCH] Bug 14868: (QA followup) Change permission check order

This patch changes the permission check order because haspermission is the smaller check, and going through the patron/user and its guaranteed before checking if it is (say) a staff member or even a superlibrarian doesn't seem right. Bonus: Remove unneeded C4::Auth import in Patron.pm

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Benjamin Rokseth
Signed-off-by: Kyle M Hall
---
 Koha/REST/V1.pm | 5 ++---
 Koha/REST/V1/Patron.pm | 1 -
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm
index 03342d4e2f..4509819b0c 100644
--- a/Koha/REST/V1.pm
+++ b/Koha/REST/V1.pm
@@ -81,11 +81,10 @@ sub authenticate_api_request {
 }
 my $authorization = $action_spec->{'x-koha-authorization'};
- return $next->($c) if allow_owner($c, $authorization, $user);
- return $next->($c) if allow_guarantor($c, $authorization, $user);
-
 my $permissions = $authorization->{'permissions'};
 return $next->($c) if C4::Auth::haspermission($user->userid, $permissions);
+ return $next->($c) if allow_owner($c, $authorization, $user);
+ return $next->($c) if allow_guarantor($c, $authorization, $user);
 return $c->render_swagger(
 { error => "Authorization failure. Missing required permission(s).",
 required_permissions => $permissions },
diff --git a/Koha/REST/V1/Patron.pm b/Koha/REST/V1/Patron.pm
index a66dbb9a5a..b97a154308 100644
--- a/Koha/REST/V1/Patron.pm
+++ b/Koha/REST/V1/Patron.pm
@@ -19,7 +19,6 @@ use Modern::Perl;
 use Mojo::Base 'Mojolicious::Controller';
-use C4::Auth qw( haspermission );
 use Koha::Patrons;
 sub list {
--
2.39.5
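Review bot: In the `Koha/REST/V1.pm` hunk, `$permissions` is handed to `C4::Auth::haspermission` without checking that the route's `x-koha-authorization` defines a `permissions` key, and after the reorder this call is the first gate rather than the last. For a route that declares only owner or guarantor access the helper receives `undef`; its behaviour for that input is not visible in this patch, and if it returns a true value every authenticated user is let through before `allow_owner` and `allow_guarantor` are consulted. I would either guard the call, `return $next->($c) if $permissions && C4::Auth::haspermission($user->userid, $permissions);`, or confirm that the helper fails closed, and add a regression test for a route without `permissions`. `authenticate_api_request` starts before and continues past this hunk, so an earlier check may already cover the case.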