This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.
To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
<li><a href="/cgi-bin/koha/members/discharge.pl?borrowernumber=[% patron.borrowernumber %]">Discharge</a></li>
[% END %]
- [% IF CAN_user_borrowers_edit_borrowers %]
- <li><a id="apikeys" href="/cgi-bin/koha/members/apikeys.pl?patron_id=[% patron.borrowernumber %]">Manage API keys</a></li>
- [% ELSE %]
- <li class="disabled"><a data-toggle="tooltip" data-placement="left" title="You are not authorized to manage API keys" id="apikeys" href="#">Manage API keys</a></li>
+ [% IF Koha.Preference('RESTOAuth2ClientCredentials') %]
+ [% IF CAN_user_borrowers_edit_borrowers %]
+ <li><a id="apikeys" href="/cgi-bin/koha/members/apikeys.pl?patron_id=[% patron.borrowernumber %]">Manage API keys</a></li>
+ [% ELSE %]
+ <li class="disabled"><a data-toggle="tooltip" data-placement="left" title="You are not authorized to manage API keys" id="apikeys" href="#">Manage API keys</a></li>
+ [% END %]
[% END %]
[% IF CAN_user_borrowers_edit_borrowers %]
$patron = Koha::Patrons->find($patron_id) if $patron_id;
-if ( not defined $patron ) {
+if ( not defined $patron or
+ not C4::Context->preference('RESTOAuth2ClientCredentials') ) {
# patron_id invalid -> exit
print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
projects / koha.git / commitdiff