Koha Test Wiki Canasta - March 2024

One of a series of test instances for migrating the Koha Wiki MediaWiki database.

For the current Koha Wiki, visit https://wiki.koha-community.org .

Partial resources RFC

From Koha Test Wiki Canasta
Jump to navigation Jump to search

There are use cases in which a resource information needs to be publicly accesible, but some bits restricteed to users with specific permissions.

We implement a whitelisting approach for this cases. Publicly accesible attributes are marked with a local attribute 'x-public', which is used in the authentication chain. Following the principle of Least Surprise, the endpoint will return the publicly accessible portion of the objects by default (so it will be the expected behaviour for API consumers).

Consumers that require protected attributes will be rejected if they don't have enough permissions.