https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230 --- Comment #37 from David Cook <dcook@prosentient.com.au> --- (In reply to Lucas Gass from comment #36)
This permission is only there to allow search and list view of members, no access to the details of each member (moremember.pl) and therefore in my opinion no update... I've missed something else, or perhaps I'm misunderstanding you.
If staff can see/view borrower information before the patchset they need to have the same behavior after the patchset.
I agree with Lucas. Another way to think of it is as "view" rather than "list". The user could just visit http://localhost:8081/api/v1/patrons?_page=1&_per_page=100 and see all the details, so it doesn't really make sense to stop them from seeing the moremember.pl page. (We just need to make sure someone with list_borrowers only can't add/update borrowers. They're fine to view them.) -- You are receiving this mail because: You are watching all bug changes.