https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27947

Martin Renvoize <martin.renvo...@ptfs-europe.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |martin.renvoize@ptfs-europe
                   |                            |.com
             Status|Signed Off                  |Failed QA

--- Comment #39 from Martin Renvoize <martin.renvo...@ptfs-europe.com> ---
Sorry guys.. little more needed here.

My first followup drops the 'reserveforothers' permission requirement as I
don't think that relates to this functionality.. but it makes the API tests
fail.. and I can't see why.. code blind on a Friday.

My second followup highlights an issue with the public route.  Although moving
the route under /public/patrons/{patron_id} ensures we do a patron identity
check.. there isn't actually a later check anywhere that the article you're
trying to delete actually belongs to the patron ;)

This final one is actually why I preferred the original
/article_requests/{request_id} approach.. though of course that would require
the addition of a routine to handle checking borrowernumber in the article
request against the user as per the other routines for checking allow-owner.

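The gap described in comment #39, as an added example that is not part of the original message and is not Koha code: a route that checks the patron identity in the path but never checks who owns the request, beside two corrected forms (the nested public route with an ownership check, and the /article_requests/{request_id} style with an owner check against the user). The in-memory store, function names, status strings and the choice of 404 for "not yours" are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class ArticleRequest:
    request_id: int
    borrowernumber: int          # owner of the request
    status: str = "PENDING"      # constructed status values


def sample_store():
    # Constructed data: request 10 belongs to patron 1, request 20 to patron 2.
    return {10: ArticleRequest(10, 1), 20: ArticleRequest(20, 2)}


def cancel_path_check_only(store, session_patron, patron_id, request_id):
    """Behaviour described in the comment: identity check on the path only."""
    if session_patron != patron_id:
        return 403
    req = store.get(request_id)
    if req is None:
        return 404
    req.status = "CANCELED"      # no check that req belongs to patron_id
    return 204


def cancel_with_ownership_check(store, session_patron, patron_id, request_id):
    """Nested public route, plus the missing ownership check."""
    if session_patron != patron_id:
        return 403
    req = store.get(request_id)
    # Answer "not yours" like "not found" so request ids cannot be probed.
    if req is None or req.borrowernumber != patron_id:
        return 404
    req.status = "CANCELED"
    return 204


def cancel_by_request_id(store, session_patron, request_id):
    """Flat /article_requests/{request_id} style: compare owner to the user."""
    req = store.get(request_id)
    if req is None or req.borrowernumber != session_patron:
        return 404
    req.status = "CANCELED"
    return 204
```

A regression test for either corrected route should include the cross-patron case: an authenticated patron, their own patron_id in the path, and a request_id that belongs to someone else.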