[Koha-bugs] [Bug 32502] Getting patrons/{patron_id} via REST API requires edit_borrowers permission
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Sep 1 01:19:23 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32502
--- Comment #5 from David Cook <dcook at prosentient.com.au> ---
(In reply to Tomás Cohen Arazi from comment #4)
> I'm not sure I agree with this patch.
>
> Our permissions schema is obfuscated, but
> view_borrower_infos_from_any_libraries goes too far as well. We really need
> something like 'view_borrowers', and let Koha::Patrons->search_limited take
> care of which patrons can actually be seen.
+1
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list