[Koha-bugs] [Bug 31555] New: Getting holds via REST API needs edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Sep 13 14:07:41 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31555
Bug ID: 31555
Summary: Getting holds via REST API needs edit_borrowers
permission
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: REST API
Assignee: koha-bugs at lists.koha-community.org
Reporter: johanna.raisa at koha-suomi.fi
CC: tomascohen at gmail.com
Permissions on holds GET endpoint and request.pl are different. Staff member
can see holds with place_holds permission and but via REST API it is blocked.
Also a staff member can see and modify holds on patron's page without
edit_borrowers permission. The GET endpoint should use place_holds permission
to be more consistent.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list