[Koha-bugs] [Bug 30624] Add a permission to control the ability to change the logged in library
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Feb 28 18:02:59 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30624
--- Comment #41 from Lucas Gass <lucas at bywatersolutions.com> ---
(In reply to Katrin Fischer from comment #40)
> 1) We have a mix now of $flags->{superlibrarian} == 1 and
> $patron->is_superlibrarian
>
> I remember that is_superlibrarian was created in order to fix and avoid a
> lot of false/wrong permission checks for superlibrarian in the codebase. I
> am not sure if the flags will work correctly, maybe someone else could weigh
> in? Should we be consistent or doesn't it matter?
The inconsistency is set-library.pl. Instead of building a patron object so
that we can use $patron->is_superlibrarian I think we can use C4::Context for
the check.
> 2) Database update
>
> UPDATE borrowers SET flags = flags + (1<<29) WHERE flags & 4
>
> Can you explain that one to me? I have written stuff like that before, but
> it's not coming back to me right now. I had expected something like "where
> flags != 0 and IS NOT NULL"?
Using 1<<29 since borrower.flags is stored in bits. It's the bitwise operator
'<<'. (right shift) I used in order to preserve other permissions set in
borrower.flag. It takes the original value and adds (1<<29).
> 3) Changing home library
>
> The staff user can still change their own home branch and circumvent the
> limitation that way. Should we make the library read only when the
> permission is missing?
Good point. Do you think that is within the scope of this bug?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list