[Koha-bugs] [Bug 25947] Improve locked account message
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Mar 3 10:44:59 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25947
--- Comment #14 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
The setstatus.pl script certainly needs attention too:
Reading comments like:
#script to set or lift debarred status
No longer true?
# Ideally we should display a warning on the interface if the logged in user is
# not allowed to modify this patron.
# But a librarian is not supposed to hack the system
No longer true?
The code contains:
my ( $loggedinuserid ) = checkauth($input, 0, { borrowers => 'edit_borrowers'
}, 'intranet');
...
$logged_in_user->can_see_patron_infos
Includes: permission => 'borrowers',
subpermission => 'view_borrower_infos_from_any_libraries',
=> Feels like it is enough. But personally I would rather see a specific
permission for things like password, and locked status?
Instead of using this script with a GET operation, it feels better to use our
REST API and do a PUT/PATCH patron operation?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list