[Koha-bugs] [Bug 30048] New: Koha::ArticleRequests->search_limited may be malformed.
bugzilla-daemon at bugs.koha-community.org
Tue Feb 8 16:31:45 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30048
Bug ID: 30048
Summary: Koha::ArticleRequests->search_limited may be malformed.
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs at lists.koha-community.org
Reporter: martin.renvoize at ptfs-europe.com
QA Contact: testopia at bugs.koha-community.org
Whilst digging through Koha::Suggestions with bug 29886 it highlighted to me
that our 'search_limited' method differs somewhat between different Koha
classes.
My initial understanding, from Koha::Patrons->search_limited, was that the idea
of search_limited was to protect patron data across branches. In actual fact,
it's more about restricting the object class in question's data from being
leaked across branches.
As such, I think the construction used in ArticleRequests is incorrect. Instead
of limiting based on the requesting patrons attached to the requests the
currently logged in patron can see... we should be limiting simply by which
libraries the current patron is allowed to see... and the linked patron details
should be getting obfuscated in their own right.
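The difference between the two limiting strategies described in the report, as an added example that is not part of the original message and is not Koha's code. It is a plain-Perl model with constructed data: the field names, the `limit_by_visible_patrons` and `limit_by_library` helpers, and the rule that a patron is visible when their home library is in the user's allowed list are all assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample data; field names are hypothetical, not Koha's schema.
my %patron_home = ( p1 => 'CPL', p2 => 'MPL' );    # patron id => home library
my @requests = (
    { id => 1, library => 'CPL', patron => 'p1' },
    { id => 2, library => 'CPL', patron => 'p2' },  # CPL request by an MPL patron
    { id => 3, library => 'MPL', patron => 'p2' },
);

# Patron-based limiting (the construction the report questions): keep only
# requests whose requesting patron is visible to the logged-in user.
sub limit_by_visible_patrons {
    my ( $allowed, $reqs ) = @_;
    my %ok = map { $_ => 1 } @$allowed;
    return [ grep { $ok{ $patron_home{ $_->{patron} } } } @$reqs ];
}

# Library-based limiting (the construction the report proposes): keep requests
# that belong to a visible library, and mask the linked patron separately
# when that patron is not visible to the logged-in user.
sub limit_by_library {
    my ( $allowed, $reqs ) = @_;
    my %ok = map { $_ => 1 } @$allowed;
    my @out;
    for my $r ( grep { $ok{ $_->{library} } } @$reqs ) {
        my %copy = %$r;    # copy so the stored request is not modified
        $copy{patron} = undef unless $ok{ $patron_home{ $r->{patron} } };
        push @out, \%copy;
    }
    return \@out;
}

my @allowed = ('CPL');    # logged-in staff member restricted to CPL
my $old = limit_by_visible_patrons( \@allowed, \@requests );
my $new = limit_by_library( \@allowed, \@requests );

printf "patron-based:  requests %s\n", join ',', map { $_->{id} } @$old;
for my $r (@$new) {
    printf "library-based: request %d patron=%s\n",
        $r->{id}, $r->{patron} // '(hidden)';
}
```

Under the patron-based filter the CPL user never sees request 2, although it belongs to their own library; under the library-based filter they see it with the patron field masked.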