https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37144 --- Comment #33 from David Cook <dcook@prosentient.com.au> --- (In reply to Laura Escamilla from comment #32)
In summary, the new subpermission would integrate with existing permissions by adding a layer of control over access to sensitive data, thus bridging the privacy gap without undermining the functionality of broader permissions like "list_borrowers."
I hope this clarifies how the new subpermission complements and enhances the existing permission structure. Please let me know if you need further details or have additional questions.
Thanks for that, Laura. I think that I understand what you're saying. In other words, anyone currently with "list_borrowers" (also "edit_borrowers" for legacy reasons although we didn't give all "edit_borrowers" the "list_borrowers" permission when it came out as "edit_borrowers" could still do everything "list_borrowers" could do) would also need "view_contact_information" in order to continue seeing the information they're currently seeing. At a glance, I don't see a patch attached that performs that update. Without it, I think a lot of Koha staff users would become very unhappy in prod. In some ways, it's a shame this isn't implemented via Koha::Patron. If it were, it could be unit tested. (For instance, Koha::Patron could have a method that restricts the display of certain information, and ./members/moremember.pl could invoke that method based on the permission that the session user has.) That actually reminds me... I thought Tomas and Martin previously were working on something like that, but I can't remember the details now. With it as a template change, we should probably have some Selenium tests. Actually Selenium tests would be good in either case, since we're talking about restricting sensitive information. -- You are receiving this mail because: You are watching all bug changes.