https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38040 --- Comment #32 from David Cook <dcook@prosentient.com.au> --- Since the holds in tmpl/intranet-tmpl/prog/en/includes/holds_table.inc are actually hashrefs from reserve/request.pl we can actually do the permission check in the controller, and then we just look for the flag in the template/view so that we can toggle the display accordingly. Something like "$logged_in_user->can_manage_hold($hold->patron)" would be good, because it could apply to both IndependentBranches and Library Groups. Plus we can then use it for validating the actions/ops server-side as well. The only question that remains then is how to gracefully handle errors server-side. Although really I think something like pre-validating before the action/op and throwing a 403 is not a bad idea. Simple and effective. -- You are receiving this mail because: You are watching all bug changes.