From 5ee42b6b6031472dc6637d1f22b53815ecb96121 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Wed, 17 Nov 2021 16:36:11 -0300 Subject: [PATCH] Bug 29508: Make GET /patrons/:patron_id use Koha::Patrons->search_limited This patch makes the route return 404 if the user is not allowed to see the requested patron information. To test: 1. Apply the regression tests 2. Run: $ kshell k$ prove t/db_dependent/api/v1/patrons.t => FAIL: The code doesn't respect limits 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D Signed-off-by: Tomas Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Nick Clemens Signed-off-by: Fridolin Somers Signed-off-by: Kyle M Hall
--- Koha/REST/V1/Patrons.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Koha/REST/V1/Patrons.pm b/Koha/REST/V1/Patrons.pm
index 122b99a2ce..b226f6a518 100644
--- a/Koha/REST/V1/Patrons.pm
+++ b/Koha/REST/V1/Patrons.pm
@@ -74,7 +74,7 @@ sub get {
 return try {
 my $patron_id = $c->validation->param('patron_id');
- my $patron = $c->objects->find( Koha::Patrons->new, $patron_id );
+ my $patron = $c->objects->find( scalar Koha::Patrons->search_limited, $patron_id );
 unless ($patron) {
 return $c->render(
-- 2.39.2
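Review bot: The new `my $patron` line in `get` is the only thing enforcing per-object authorization on this route, and nothing in the code says so. A later cleanup that drops `scalar` or swaps the resultset back to `Koha::Patrons->new` would silently reopen the unrestricted lookup. I would add a comment above it such as `# Authorization: search_limited scopes the lookup to patrons the API user may see; scalar keeps it a resultset. Out-of-scope ids take the not-found branch below.` The body of `get` continues past the hunk and the other handlers in Patrons.pm are not visible here. If any of them still resolve `patron_id` through an unrestricted `Koha::Patrons` lookup, they presumably need the same scoping, and a regression test per verb asserting the 404 would confirm that.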