[Koha-bugs] [Bug 32502] Getting patrons/{patron_id} via REST API requires edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Feb 16 15:56:03 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32502
Tomás Cohen Arazi <tomascohen at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Passed QA |In Discussion
--- Comment #4 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
I'm not sure I agree with this patch.
Our permissions schema is obfuscated, but
view_borrower_infos_from_any_libraries goes too far as well. We really need
something like 'view_borrowers', and let Koha::Patrons->search_limited take
care of which patrons can actually be seen.
Something like:
my $patron = Koha::Patrons->search_limited;
unless ($patron) {
# return 404
}
return $patron->to_api;
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list