[Koha-bugs] [Bug 29509] GET /patrons* routes permissions excessive
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 23 12:24:57 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29509
Martin AUBEUT <martin.aubeut at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |martin.aubeut at gmail.com
--- Comment #19 from Martin AUBEUT <martin.aubeut at gmail.com> ---
(In reply to Martin Renvoize from comment #18)
> Created attachment 161271 [details] [review]
> Bug 29509: Update swagger specification and add permissions to users
>
> This patch removes the 'edit_borrowers', 'manage_bookings',
> 'lable_creator', 'routing' and 'order_manage' permissions from the list
> of options in the patrons list endpoint.
>
> We then assign the new 'list_borrowers' permission to any users who have
> those removed permissions
>
> Test plan
> 1) Apply patch and run the database update
> 2) Users with any of the permissions listed above should now also have
> the 'list_borrowers' permission too.
> 3) Check that patron searching continues to work from the various
> locations in the UI for the above affected users
For your information, this is the routes {staff_url}/api/v1/patrons
During the test plan, we needed more details about the locations related to :
manage_bookings, lable_creator, routing, order_manage.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list