[Koha-bugs] [Bug 22265] New: Processing article requests requires borrowers permission

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sun Feb 3 12:16:41 CET 2019 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22265

            Bug ID: 22265
           Summary: Processing article requests requires borrowers
                    permission
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5 - low
         Component: Circulation
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: katrin.fischer at bsz-bw.de
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
  Target Milestone: ---

I just noticed that you will only be able to see article requests if the staff
patron has "borrowers" permission. You can still access the article requests
page without the permission, but it will always show "no pending article
requests".

This dependency doesn't seem logical, especially since you can still access the
page and it just seems like there are no requests. The problem seems to come
from this part of the code:

Koha::ArticleRequests:

sub search_limited {
    my ( $self, $params, $attributes ) = @_;

    my $userenv = C4::Context->userenv;
    my @restricted_branchcodes;
    if ( $userenv and $userenv->{number} ) {
        my $logged_in_user = Koha::Patrons->find( $userenv->{number} );
        @restricted_branchcodes =
$logged_in_user->libraries_where_can_see_patrons;
    }
    # TODO This 'borrowernumber' relation name is confusing and needs to be
renamed
    $params->{'borrowernumber.branchcode'} = { -in => \@restricted_branchcodes
} if @restricted_branchcodes;
    $attributes->{join} = 'borrowernumber';
    return $self->search( $params, $attributes );
}


Not sure yet what the best way would be:

Do we want to allow article request processing without borrowers?

   If no, we could hide article requests from view if the staff user doesn't
   have the required permission.

   If yes, what would be the consequence? (stuck on that one)

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.

More information about the Koha-bugs mailing list