From 811d468dc42df5f87415160a327386b2d1b93c64 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Mon, 13 Apr 2020 11:36:12 -0300
Subject: [PATCH] Bug 25045: Add the RESTPublicAnonymousRequests syspref
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
Signed-off-by: Martin Renvoize
(cherry picked from commit 5394e8443fcba3e307c4add97bef1216fcaa2b11)
Signed-off-by: Aleisha Amohia
---
 installer/data/mysql/atomicupdate/bug_25045.perl | 15 +++++++++++++++
 installer/data/mysql/sysprefs.sql | 1 +
 .../modules/admin/preferences/web_services.pref | 6 ++++++
 3 files changed, 22 insertions(+)
 create mode 100644 installer/data/mysql/atomicupdate/bug_25045.perl
diff --git a/installer/data/mysql/atomicupdate/bug_25045.perl b/installer/data/mysql/atomicupdate/bug_25045.perl
new file mode 100644
index 0000000000..d2b62edf80
--- /dev/null
+++ b/installer/data/mysql/atomicupdate/bug_25045.perl
@@ -0,0 +1,15 @@
+$DBversion = 'XXX'; # will be replaced by the RM
+if( CheckVersion( $DBversion ) ) {
+
+ # Default to the homologous OpacPublic syspref
+ my $opac_public = C4::Context->preference('OpacPublic') ? 1 : 0;
+
+ $dbh->do(qq{
+ INSERT IGNORE INTO `systempreferences`
+ (`variable`,`value`,`explanation`,`options`,`type`)
+ VALUES
+ ('RESTPublicAnonymousRequests', $opac_public, NULL,'If enabled, the API will allow anonymous access to public routes that don\'t require authenticated access'.','YesNo');
+ });
+
+ NewVersion( $DBversion, 25045, "Add a way to restrict anonymous access to public routes (OpacPublic behaviour)");
+}
diff --git a/installer/data/mysql/sysprefs.sql b/installer/data/mysql/sysprefs.sql
index c110c7300f..b7ed256953 100644
--- a/installer/data/mysql/sysprefs.sql
+++ b/installer/data/mysql/sysprefs.sql
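Review bot: In bug_25045.perl the VALUES tuple does not match the column list: the columns are named in the order variable, value, explanation, options, type, but the tuple supplies NULL third and the description fourth, so the description would be stored in `options` and `explanation` would be NULL (sysprefs.sql lists `options` before `explanation`). The description literal is also broken: inside `qq{}` the `\'` in "don\'t" reaches MySQL as a bare quote, and the literal ends with a stray `'.` before `,'YesNo'`, so the statement is likely to fail to parse. I would list the columns in the order variable, value, options, explanation, type and write the text as `'... that don''t require authenticated access.','YesNo'`. The same stray `'.` is in the row added by the sysprefs.sql hunk. Because this preference gates anonymous API access, it is worth confirming after the fix that the upgraded row exists and carries the value copied from OpacPublic.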
@@ -530,6 +530,7 @@ INSERT INTO systempreferences ( `variable`, `value`, `options`, `explanation`, `
 ('RESTBasicAuth','0',NULL,'If enabled, Basic authentication is enabled for the REST API.','YesNo'),
 ('RESTdefaultPageSize','20','','Default page size for endpoints listing objects','Integer'),
 ('RESTOAuth2ClientCredentials','0',NULL,'If enabled, the OAuth2 client credentials flow is enabled for the REST API.','YesNo'),
+('RESTPublicAnonymousRequests','1',NULL,'If enabled, the API will allow anonymous access to public routes that don\'t require authenticated access'.','YesNo'),
 ('RESTPublicAPI','1',NULL,'If enabled, the REST API will expose the /public endpoints.','YesNo'),
 ('RestrictedPageLocalIPs','',NULL,'Beginning of IP addresses considered as local (comma separated ex: "127.0.0,127.0.2")','Free'),
 ('RestrictedPageContent','',NULL,'HTML content of the restricted page','TextArea'),
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/web_services.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/web_services.pref
index ae99ace642..3d56b4c74a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/web_services.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/web_services.pref
@@ -17,6 +17,12 @@ Web services:
 yes: Enable
 no: "Disable"
 - "the OAuth2 client credentials grant for the REST API. Requires Net::OAuth2::AuthorizationServer installed. [EXPERIMENTAL]"
+ -
+ - pref: RESTPublicAnonymousRequests
+ choices:
+ yes: "Enable"
+ no: "Disable"
+ - anonymous access to public routes (that don't require authenticated access)
 -
 - pref: RESTPublicAPI
 choices:
-- 
2.20.1
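Review bot: The row added to sysprefs.sql sets the value to `'1'`, so a fresh install accepts anonymous requests on the public routes by default, whereas the upgrade script in this patch copies the value from OpacPublic once. Nothing visible in this patch keeps the two preferences in sync afterwards, so an administrator who later closes the OPAC would still have anonymous API access enabled. If that is intended, the explanation text should say so, for example `'If enabled, the API will allow anonymous access to public routes that do not require authenticated access. Not changed automatically when OpacPublic is changed.'`. The INSERT statement this row belongs to starts and ends outside the hunk.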