[Koha-bugs] [Bug 35227] REST API: Restricted staff users can see patron info (not exposed via UI)
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Nov 2 11:10:53 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35227
--- Comment #1 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Current API authorizations in this context:
/patrons:
get:
x-koha-authorization:
permissions:
- borrowers: "edit_borrowers"
- tools: "label_creator"
- serials: "routing"
- acquisition: "order_manage"
post:
x-koha-authorization:
permissions:
borrowers: edit_borrowers
"/patrons/{patron_id}":
get:
x-koha-authorization:
permissions:
borrowers: edit_borrowers
put:
x-koha-authorization:
permissions:
borrowers: "1"
delete:
x-koha-authorization:
permissions:
borrowers: delete_borrowers
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list