https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787
--- Comment #18 from Jonathan Druart <jonathan.druart+k...@gmail.com> --- (In reply to Marcel de Rooy from comment #16) > [2] Code segment from Koha/REST/V1/Auth.pm > if ( !$authorization and > ( $params->{is_public} and > ( C4::Context->preference('RESTPublicAnonymousRequests') or > $user) or $params->{is_plugin} ) > or $pending_auth > This does not look good to me. Do we need pending_auth here ? If so, at > least we need parentheses etc. My follow-up removes the line now. Why? Can you explain? If the user is not fully authenticated they shouldn't be allowed to access REST API route. With your follow-up patch the tests are failing now. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/