https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41768
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #22 from David Cook <[email protected]> --- Thanks for doing that, Arthur. I notice though that you're not checking "$c->stash('is_public')". That would be the way to wrap the public endpoint functionality. The way to get the user is $c->stash('koha.user'), although that reminds me that while this endpoint would work for the OPAC, it won't work so well for third-parties with system users, but I suppose those third-parties would need to rely on non-public/admin endpoints anyway. One day we'll fix the API... The Holds.pm should also check that the hold_id sent belongs to the user. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
