Bug 22216: Make GET /patrons/{patron_id} staff only
This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.
It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>