projects / koha.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 84bd1ac)
Bug 25411: Add special handling for public plugin routes
authorTomas Cohen Arazi <tomascohen@theke.io>
Thu, 14 May 2020 22:09:04 +0000 (19:09 -0300)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Fri, 22 May 2020 08:04:06 +0000 (09:04 +0100)
This patch implements the required logic in the API code so plugins are
not affected by the new RESTPublicAnonymousRequests system preference.
It is up to the plugin develpers to handle this

To test:
1. Apply the tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/PluginRoutes.t
=> FAIL: Notice the tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Yay! Not bad for a friday evening!
5. Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Koha/REST/V1/Auth.pm patch | blob | history

diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index b34397b..481b081 100644 (file)
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -63,7 +63,17 @@ sub under {
 
         # /api/v1/{namespace}
         my $namespace = $c->req->url->to_abs->path->[2] // '';
-        my $is_public = ($namespace eq 'public') ? 1 : 0;
+
+        my $is_public = 0; # By default routes are not public
+        my $is_plugin = 0;
+
+        if ( $namespace eq 'public' ) {
+            $is_public = 1;
+        }
+
+        if ( $namespace eq 'contrib' ) {
+            $is_plugin = 1;
+        }
 
         if ( $is_public
             and !C4::Context->preference('RESTPublicAPI') )
@@ -80,7 +90,7 @@ sub under {
             $status = 1;
         }
         else {
-            $status = authenticate_api_request($c, { is_public => $is_public });
+            $status = authenticate_api_request($c, { is_public => $is_public, is_plugin => $is_plugin });
         }
 
     } catch {
@@ -242,7 +252,7 @@ sub authenticate_api_request {
     if ( !$authorization and
          ( $params->{is_public} and
           ( C4::Context->preference('RESTPublicAnonymousRequests') or
-            $user) ) ) {
+            $user) ) or $params->{is_plugin} ) {
         # We do not need any authorization
         # Check the parameters
         validate_query_parameters( $c, $spec );
Mirror of git://git.koha-community.org/koha.git