[Koha-bugs] [Bug 32502] Getting patrons/{patron_id} via REST API requires edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Feb 10 20:13:45 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32502
Kyle M Hall <kyle at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #144845|0 |1
is obsolete| |
--- Comment #3 from Kyle M Hall <kyle at bywatersolutions.com> ---
Created attachment 146512
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=146512&action=edit
Bug 32502: Api call to patrons/{patron_id} permission change
The API permissions for GET patrons/{patron_id} required staff to have
edit_borrowers permission rather than
view_borrower_infos_from_any_libraries. This has now been changed to
allow staff to access patrons through the API.
Test plan:
1) From a staff account that does not have edit_borrowers permission,
make a request to patrons/{patron_id}
2) The request should be rejected
3) Apply patch
4) Repeat the request
5) The request should return the data for the patron requested
Signed-off-by: Frédéric Demians <f.demians at tamil.fr>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list