https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31555 Bug ID: 31555 Summary: Getting holds via REST API needs edit_borrowers permission Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: johanna.raisa@koha-suomi.fi CC: tomascohen@gmail.com Permissions on holds GET endpoint and request.pl are different. Staff member can see holds with place_holds permission and but via REST API it is blocked. Also a staff member can see and modify holds on patron's page without edit_borrowers permission. The GET endpoint should use place_holds permission to be more consistent. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.