https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41845 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- (In reply to Caroline Cyr La Rose from comment #2)
I think what bugs me most is that when I check the main "Cataloging" permission (editcatalogue), it also checks the restrictive permission (edit_items_restricted) which means that you think the person has all permissions in cataloging, but in fact they don't.
Oh wow... that is really bad. I've never noticed that before as I don't have many libraries using the syspref SubfieldsToAllowForRestrictedEditing. But yikes! That has to be a bug. And yet... yeah... that really exposes just how bad that permission is designed. It could be improved a bit so that if you have the full editcatalogue permission it doesn't apply the restriction (like how it doesn't apply the restriction to superlibrarian) but still... not good.
I'm not sure how the revamp will affect the UI, but I think that if continue to have restrictive permissions, if you check the "main" permission of a group, it should NOT include the restrictive permissions (i.e. checking editcatalogue should check everything in that section EXCEPT edit_items_restricted)
Well, the issue isn't really with "edit_items_restricted" being checked, because if you have full editcatalogue permission, you don't have the subpermission stored in the database. It's just an implied subpermission given you have the full top-level permission. I agree though that someone with full "editcatalogue" permission shouldn't have "edit_items_restricted" apply to them. I don't know that a "restriction" category would necessarily make sense since the restrictions wouldn't be grouped in any other way other than being restrictions... Personally, I would love to see "policies" that allow/deny actions, which could then be attached to individuals or patron categories. I could imagine some stock policies like "cataloguer" which people could then tailor, and "limited_cataloguer" could be made and have "edit_items_restricted" added. But then how to categorise those permissions vs restrictions in whatever hypothetical editor we came up with... But yeah... it's the permission/subpermission inheritance thing which is really the problem here... I'm not sure how to solve this one with our current permission system. I really dislike that things like "edit_items_restricted" and "view_borrower_infos_from_any_libraries" exist. We need to have more of a think about how we can restructure these... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.