[Koha-bugs] [Bug 30230] Search for patrons in checkout should not require edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Dec 5 23:15:33 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230
--- Comment #37 from David Cook <dcook at prosentient.com.au> ---
(In reply to Lucas Gass from comment #36)
> > This permission is only there to allow search and list view of members, no
> > access to the details of each member (moremember.pl) and therefore in my
> > opinion no update... I've missed something else, or perhaps I'm
> > misunderstanding you.
>
> If staff can see/view borrower information before the patchset they need to
> have the same behavior after the patchset.
I agree with Lucas.
Another way to think of it is as "view" rather than "list". The user could just
visit http://localhost:8081/api/v1/patrons?_page=1&_per_page=100 and see all
the details, so it doesn't really make sense to stop them from seeing the
moremember.pl page.
(We just need to make sure someone with list_borrowers only can't add/update
borrowers. They're fine to view them.)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list