https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030

--- Comment #11 from Martin Renvoize (ashimema) 
<[email protected]> ---
Created attachment 201756
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201756&action=edit
Bug 43030: Point generic auth-permission tests away from /api/v1/patrons

t/db_dependent/api/v1/{auth,auth_basic,oauth}.t each used
GET /api/v1/patrons purely as a stand-in "some endpoint requiring a
permission" to exercise generic 401/403/503 branches in
authenticate_api_request. Now that this endpoint allows self-access,
a permission-less patron is admitted (scoped to their own record)
instead of rejected, so these generic checks now point at
DELETE /api/v1/patrons/-1 instead, which still requires
delete_borrowers unconditionally.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to