https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40023 --- Comment #4 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- (In reply to David Cook from comment #3)
At the moment the permission required for this endpoint is 'borrowers: "1"', but that's way too permissive. As per bug 36561, this means that any patron with any "borrowers" permission can use this endpoint.
My interpretation was 'borrowers: 1' means the top-level permission, thus all borrower related permisions, so maybe too restrictive, even. That's why I proposed this. That said, I like the idea of a configuration patron profile endpoint. In the meantime... what permissions would you require to allow having access to the full patron object? Best regards. -- You are receiving this mail because: You are watching all bug changes.