Override library for authenticated patron requests

Each patron is assigned one library based on municipality. The clients are currently sending all requests towards the default library, which fails due to authorization. The alternative to this change would be to make the clients choose the correct library based on the authentication response.
NatLibFi · Apr 15, 2024 · 265e070 · 265e070
1 parent 2ab9006
commit 265e070
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/api/controller/base.py b/api/controller/base.py
@@ -120,4 +120,16 @@ def library_for_request(self, library_short_name):
         if not library:
             return LIBRARY_NOT_FOUND
         flask.request.library = library
+
+        # Finland: For authenticated patrons, override the library defined in the request
+        # and use the library assigned to that patron.
+        #
+        # This is a bit sketchy as the authentication requires library to be set already.
+        # So in practice the library in the URL path is used for authentication, but after
+        # that the request is performed with the patron's assigned library.
+        patron = self.manager.index_controller.authenticated_patron_from_request()
+        if isinstance(patron, Patron):
+            library = patron.library
+            flask.request.library = patron.library
+
         return library