Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Override library for authenticated patron requests #45

Merged
merged 1 commit into from
Apr 15, 2024
Merged

Override library for authenticated patron requests #45

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions api/controller/base.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,4 +120,16 @@ def library_for_request(self, library_short_name):
if not library:
return LIBRARY_NOT_FOUND
flask.request.library = library

# Finland: For authenticated patrons, override the library defined in the request
# and use the library assigned to that patron.
#
# This is a bit sketchy as the authentication requires library to be set already.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any risk to get duplicate records?

Copy link
Contributor Author

@attemoi attemoi Apr 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think duplicate records are a risk here. The risk is I might've missed some detail that would make this break in some specific cases. Pretty sure it's fine though. Selecting the library (automatically) on client side might be a bit safer as the requests would then use the default (upstream) logic.

# So in practice the library in the URL path is used for authentication, but after
# that the request is performed with the patron's assigned library.
patron = self.manager.index_controller.authenticated_patron_from_request()
if isinstance(patron, Patron):
library = patron.library
flask.request.library = patron.library

return library