https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Blocks||36612
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Blocks||29593
Referenced
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Resolution|--- |FIXED
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #59 from Jonathan Druart ---
Pushed to master for 21.11, thanks to everybody involved!
--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Jonathan Druart changed:
What|Removed |Added
Version(s)||21.11.00
released
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Jonathan Druart changed:
What|Removed |Added
Status|Failed QA |Passed QA
--- Comment
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Jonathan Druart changed:
What|Removed |Added
Attachment #127055|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Jonathan Druart changed:
What|Removed |Added
Status|Passed QA |Failed QA
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #56 from Jonathan Druart ---
Created attachment 127055
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127055=edit
Bug 28948: Fix tests
t/db_dependent/Koha/REST/Plugin/Objects.t .. 12/13
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #55 from Tomás Cohen Arazi ---
Created attachment 127054
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127054=edit
Bug 28948: Fix random failure
This patch makes the query for randomly generated
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Blocks|28854 |
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #54 from Kyle M Hall ---
Created attachment 126126
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126126=edit
Bug 28948: Don't require catalogue permission for public route, don't allow
smtp server
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #53 from Kyle M Hall ---
Created attachment 126125
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126125=edit
Bug 28948: Remove query params, 'q' param covers everything needed
Signed-off-by: Martin
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #52 from Kyle M Hall ---
Created attachment 126124
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126124=edit
Bug 28948: Remove FIXME
This patch reproduces what we did for `to_api_mapping`: make it
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #51 from Kyle M Hall ---
Created attachment 126123
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126123=edit
Bug 28948: (QA follow-up) Convert to allow-list
This patch converts the code to use an
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #50 from Kyle M Hall ---
Created attachment 126122
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126122=edit
Bug 28948: Add GET /public/libraries routes
This patch introduces a route to fetch a list
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #49 from Kyle M Hall ---
Created attachment 126121
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126121=edit
Bug 28948: Teach objects.search about public requests
Signed-off-by: Martin Renvoize
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #48 from Kyle M Hall ---
Created attachment 126120
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126120=edit
Bug 28948: Make is_public stashed on public routes
This patch makes the API authentication
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Attachment #126111|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Status|Signed Off |Passed QA
--
You are
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Blocks||28854
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Status|Failed QA |Signed Off
--- Comment
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125912|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125911|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125906|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125905|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125904|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125903|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125902|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Attachment #125901|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Status|Signed Off |Failed QA
--- Comment #37
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #36 from Kyle M Hall ---
Created attachment 125912
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125912=edit
Bug 28948: Don't require catalogue permission for public route, don't allow
smtp server
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Attachment #125908|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Attachment #125907|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #33 from Kyle M Hall ---
Created attachment 125907
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125907=edit
Bug 28948: Remove query params, 'q' param covers everything needed
--
You are receiving
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #32 from Tomás Cohen Arazi ---
Created attachment 125906
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125906=edit
Bug 28948: Remove FIXME
This patch reproduces what we did for `to_api_mapping`: make
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #31 from Tomás Cohen Arazi ---
Created attachment 125905
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125905=edit
Bug 28948: (QA follow-up) Convert to allow-list
This patch converts the code to use
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #30 from Tomás Cohen Arazi ---
Created attachment 125904
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125904=edit
Bug 28948: Add GET /public/libraries routes
This patch introduces a route to fetch a
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #29 from Tomás Cohen Arazi ---
Created attachment 125903
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125903=edit
Bug 28948: Teach objects.search about public requests
Signed-off-by: Martin Renvoize
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #28 from Tomás Cohen Arazi ---
Created attachment 125902
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125902=edit
Bug 28948: Make is_public stashed on public routes
This patch makes the API
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #27 from Tomás Cohen Arazi ---
Created attachment 125901
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=125901=edit
Bug 28948: Add a generic way to handle API privileged access attributes
deny-list
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124479|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124914|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124749|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124483|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124482|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124481|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Attachment #124480|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #26 from Marcel de Rooy ---
What he did, is something like:
# Remove forbidden attributes if required
if( $params->{public} && $self->_result->can('get_column_set') ) { #FIXME
Temporary measure
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #25 from Marcel de Rooy ---
(In reply to Marcel de Rooy from comment #22)
> Initially we only filtered the public side removing the api privileged keys.
> What we now do, is filter both public and staff !
> Which is a
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #24 from Marcel de Rooy ---
(In reply to Martin Renvoize from comment #23)
> Did it not just move:
>
> if ( can_load( modules => { $allowclass => undef } ) ) {
> {
> my $allowlist =
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #23 from Martin Renvoize ---
Did it not just move:
if ( can_load( modules => { $allowclass => undef } ) ) {
{
my $allowlist = $allowclass->new(
{ interface => $params->{public} ?
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #22 from Marcel de Rooy ---
I elaborated on the changes of Martin, but note the following:
-# Remove forbidden attributes if required
-if ($params->{public}
-and $self->can('api_privileged_attrs') )
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Marcel de Rooy changed:
What|Removed |Added
Attachment #124911|0 |1
is obsolete|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #20 from Marcel de Rooy ---
(In reply to Martin Renvoize from comment #10)
> This patch updates the patchset to use the ::Allowlist structure
> introduced with bug 28935. I think we need more work here to provide
> for
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Marcel de Rooy changed:
What|Removed |Added
See Also|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #19 from Marcel de Rooy ---
(In reply to Marcel de Rooy from comment #18)
> Created attachment 124911 [details] [review]
> Bug 28948: Changes
Not completely finished here. Other test needs adjustment still.
Read
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #18 from Marcel de Rooy ---
Created attachment 124911
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124911=edit
Bug 28948: Changes
--
You are receiving this mail because:
You are watching all bug
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #17 from Marcel de Rooy ---
+# FIXME: All modules should have a corresponding allowlist eventually
+my $allowclass = ref($self) . '::Allowlist';
+if ( can_load( modules => { $allowclass => undef } ) ) {
+
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #16 from Tomás Cohen Arazi ---
(In reply to Marcel de Rooy from comment #15)
> (In reply to Tomás Cohen Arazi from comment #14)
> > And have AllowList just read the library's defined lists... I mean not
> > implementing
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #15 from Marcel de Rooy ---
(In reply to Tomás Cohen Arazi from comment #14)
> And have AllowList just read the library's defined lists... I mean not
> implementing a new AllowList class for each thing
Bug 28999
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #14 from Tomás Cohen Arazi ---
Please, keep in mind that the API already has input/output validation,
specified in the OpenAPI spec. That's why this dev was originally simple and
only included a list of attributes for
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #13 from Marcel de Rooy ---
(In reply to David Cook from comment #12)
> I think that we've overloaded the allow list concept. I originally came up
> with the allow list concept to function as a user input validation
>
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #12 from David Cook ---
(In reply to Martin Renvoize from comment #10)
> I think we need more work here to provide
> for 'read' and 'write' allowlists.. we also need a way to alter the
> allowlist from the Koha object
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Marcel de Rooy changed:
What|Removed |Added
CC||m.de.r...@rijksmuseum.nl
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #10 from Martin Renvoize ---
Created attachment 124749
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124749=edit
Bug 28948: (follow-up) Use ::Allowlist structure
This patch updates the patchset to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Blocks||28965, 27358
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
David Cook changed:
What|Removed |Added
CC||dc...@prosentient.com.au
--
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Tomás Cohen Arazi changed:
What|Removed |Added
Status|Failed QA |Signed Off
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
QA Contact||k...@bywatersolutions.com
--
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Kyle M Hall changed:
What|Removed |Added
Status|Signed Off |Failed QA
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Status|Needs Signoff |Signed Off
--
You are
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #7 from Martin Renvoize ---
OK.. grabbed the patches from bug 27358 as agreed and reworked them for the
libraries endpoints.. just minor alterations to tests to use the alternate
route really.
--
You are receiving this
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Status|NEW |Needs Signoff
--
You
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #6 from Martin Renvoize ---
Created attachment 124483
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124483=edit
Bug 28948: (QA follow-up) Convert to allow-list
This patch converts the code to use an
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #5 from Martin Renvoize ---
Created attachment 124482
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124482=edit
Bug 28948: Add GET /public/libraries routes
This patch introduces a route to fetch a
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #4 from Martin Renvoize ---
Created attachment 124481
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124481=edit
Bug 28948: Teach objects.search about public requests
Signed-off-by: Martin Renvoize
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #3 from Martin Renvoize ---
Created attachment 124480
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124480=edit
Bug 28948: Make is_public stashed on public routes
This patch makes the API
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #2 from Martin Renvoize ---
Created attachment 124479
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124479=edit
Bug 28948: Add a generic way to handle API privileged access attributes
deny-list
This
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
See Also|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
--- Comment #1 from Martin Renvoize ---
I'm going to grab the foundations from bug 27358 to push here so we can get
those in but based on a simpler final goal with the libraries table.
--
You are receiving this mail because:
You
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28948
Martin Renvoize changed:
What|Removed |Added
Assignee|koha-b...@lists.koha-commun
82 matches
Mail list logo