https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030
--- Comment #10 from Martin Renvoize (ashimema) <[email protected]> --- Created attachment 201755 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201755&action=edit Bug 43030: Allow self-access to /jobs and /jobs/{job_id} Replaces the catalogue:1 baseline permission with parameters:manage_background_jobs plus allow-owner, so a caller who lacks that permission can still see jobs they personally triggered. This also retires the last manual ownership check in Koha::REST::V1::BackgroundJobs::get in favour of the shared objects.find_rs enforcement from Task 7. Behavior change: a patron with zero permissions can now see their own background jobs (by id or in the collection) where they previously got 403 outright. They could already do so if they held the unrelated catalogue permission, so this narrows what permission is required without broadening what any non-privileged caller can ultimately see. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
