[Koha-bugs] [Bug 30230] Search for patrons in checkout should not require edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 22 00:47:20 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230
--- Comment #19 from David Cook <dcook at prosentient.com.au> ---
(In reply to David Cook from comment #18)
> Actually, something like /api/v1/circ/search/patrons might be better.
> (Jonathan's ERM and preservation have shown how it's useful to organise
> endpoints under a module path.)
Under the hood, /api/v1/patrons and /api/v1/circ/search/patrons should use the
same model code, so it should be fairly trivial to implement in theory. The
/api/v1/circ/search/patrons controller would probably just need
"circulate_remaining_permissions" permission.
They may need "view_borrower_infos_from_any_libraries" as well although that
should hopefully be handled by the underlying model code. (This is what I mean
about how our permissions are confusing in terms of providing access to a page
vs providing access to an operation. In theory, by extension, we should have a
"view_borrowers" permission, except that's not really backwards compatible.
Although I suppose we could programmatically give "view_borrowers" to existing
users with "edit_borrowers"...)
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list