[Koha-bugs] [Bug 29509] GET /patrons* routes permissions excessive

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29509

Victor Grousset/tuxayo <victor at tuxayo.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |victor at tuxayo.net

--- Comment #22 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
> 2) Users with any of the permissions listed above should now also have
>   the 'list_borrowers' permission too.

I took a borrower, gave them
- catalogue
- manage_bookings
- edit_borrowers
- order_manage
- label_creator
- routing
to turn them info a librarian with the minimal permission for the tasks that
relate to list_borrowers

then
- apply patch & dep
- updatedatabase (dbrev printed as expected)
- restart_all
- opened the permission page
they still don't have list_borrowers permission! :o

Any idea about what could be missing?
No reason for them to be caught in @exclusions so I don't know why they don't
have the permission.

---

> 3) Check that patron searching continues to work from the various
   locations in the UI for the above affected users

For the next step when I'll be able to reach it, should I remove
- manage_bookings
- edit_borrowers
- order_manage
- label_creator
- routing
otherwise, that doesn't test at all that list_borrowers is really there. Vs
just look at the permission page.

Or maybe all the related features don't yet use list_borrowers?
If they do use, then it's supposed to be already tested. But I don't mind
double-checking if that looks relevant here.

-- 
You are receiving this mail because:
You are watching all bug changes.