[Koha-bugs] [Bug 28680] New: Staff without edit_borrower permission still see patron information
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jul 7 22:14:58 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28680
Bug ID: 28680
Summary: Staff without edit_borrower permission still see
patron information
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs at lists.koha-community.org
Reporter: bwsdonna at gmail.com
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
The permission edit_borrowers specifies: Add, modify and view patron
information. However, when that permission is not enabled, staff can view
patron information in a number of places, including holds queue,
circulation.pl, waitingreserves.pl, and pendingreserves.pl.
In the Holds Queue staff can see patron name and other info for patrons at
their library, but patrons from other libraries show "patron from central
branch" etc. When looking at a bib record, if an item is checked out, only the
borrower number is displayed.
This should be consistent, where staff without that permission only see a
borrower number and nothing else.
To replicate, create a staff member with only permissions catalogue ( to log
in) and circulate_remaining_permissions. Check out to a patron, see the holds
queue, etc and see that the patron information is displayed.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list