projects / koha-equinox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fac2c17) | patch
Bug 22216: Make GET /patrons/{patron_id} staff only
authorTomas Cohen Arazi <tomascohen@theke.io>
Tue, 29 Jan 2019 14:07:06 +0000 (11:07 -0300)
committerroot <root@f1ebe1bec408>
Fri, 22 Feb 2019 13:15:11 +0000 (13:15 +0000)
commit8083bc2ff0629dce8301330e144a61fee35d9836
treeae45581dab75f78a4998a22c173003afc91a54d2tree | snapshot
parentfac2c172143b31255767684e4b22c0ba1ae0aaafcommit | diff
Bug 22216: Make GET /patrons/{patron_id} staff only

This patch removes the possibility to access the patron object
identified by patron_id by the patron itself, or a guarantor.

It does so by removing the permissions from the spec. The tests are
adjusted to remove that use case.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
api/v1/swagger/paths/patrons.json diff | blob | history
t/db_dependent/api/v1/patrons.t diff | blob | history
Koha with Equinox developments in process and local tweaks