https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37144 --- Comment #41 from David Cook <dcook@prosentient.com.au> ---
With our mix of old and new code (C4/Koha) still not an easy task.
It is a tough one. I have a similar use case to Laura, which I'll likely need to code and deploy soon. I suspect I'll have to do something like this in the short-term, since it's the easier/quicker change to make. But I think we do need to put more thought into a design for a comprehensive solution. We need some way to associate the $logged_in_user with the Koha::Patron object, but there's lots of different ways of getting a Koha::Patron object even. On other projects with better MVC structures and smaller codebases, I've done some column-level security, although it was mostly in terms of restricting updates at the column-level. Using Koha::Proxy::Patron class to wrap Koha::Patron could work... except that there are ways of getting Koha::Patron objects from other objects which could bypass that. But maybe it would be enough... Actually, looking through './circ/circulation.pl' I'm thinking how we mostly want to use an unrestricted Koha::Patron for a lot of the business logic... but then for some things we'd want to use a Koha::Proxy::Patron with user restrictions for view logic... This is one of those topics where I think it's difficult to come up with a perfect design ahead of time... but where it's also easy to create a mess by having an incomplete design ahead of time... -- You are receiving this mail because: You are watching all bug changes.