[Bug 20813] New: Revamp user permissions system
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Bug ID: 20813 Summary: Revamp user permissions system Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: kyle@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org Koha's current user permissions system is a bit convoluted and limited due to it's legacy where the permissions system was a simple set of flags. A second layer of sub-permissions were later added complication and obfuscation to the system. We should revamp the permissions system to be a more modern system and open the path to having unlimited nesting of sub-permissions instead of shoe-horning sub-permissions into the limited system we have. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #1 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 75542 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75542&action=edit Bug 20813: Update db schema -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #2 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 75543 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75543&action=edit Bug 20813: Revamp user permissions system Koha's current user permissions system is a bit convoluted and limited due to it's legacy where the permissions system was a simple set of flags. A second layer of sub-permissions were later added complication and obfuscation to the system. We should revamp the permissions system to be a more modern system and open the path to having unlimited nesting of sub-permissions instead of shoe-horning sub-permissions into the limited system we have. Test Plan: 1) Apply this patch set 2) Run updatedatabase.pl 3) Restart all the things! 4) Koha should still enforce user permissions as before -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #3 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 75544 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75544&action=edit Bug 20813: Remove deleted table -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #4 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 75545 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75545&action=edit Bug 20813 [Do Not Push]: Update Schema Files -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |kyle@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #5 from Kyle M Hall <kyle@bywatersolutions.com> --- Original pre-rebase code ( known to be working ): https://github.com/bywatersolutions/bywater-koha-devel/tree/user_permissions... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://github.com/bywaters | |olutions/bywater-koha-devel | |/tree/bug_20813 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=20956 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Christopher Brannon <cbrannon@cdalibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20956 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 [Bug 20956] BorrowersLog is not logging permission changes -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply --- Comment #6 from Owen Leonard <oleonard@myacpl.org> --- I'm changing this to "patch doesn't apply" because the attached patch didn't work correctly and Kyle said it was probably a rebase issue. I'm not comfortable signing off based on the original code because of how behind master it is. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #7 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Kyle, would you be ok to make this dependent on some patches in PQA when rebasing? bug 11911 - new permission for managing suggestions bug 7651 - new permission for managing currencies Both are adding new permissions. I am keen on resolving as many permission bugs as possible this release and would be happy to help with this one to have a better foundation. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #8 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Katrin Fischer from comment #7)
Kyle, would you be ok to make this dependent on some patches in PQA when rebasing?
bug 11911 - new permission for managing suggestions bug 7651 - new permission for managing currencies
Both are adding new permissions. I am keen on resolving as many permission bugs as possible this release and would be happy to help with this one to have a better foundation.
I'm a bit late replying, but yes. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |11911, 7651 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7651 [Bug 7651] Add separate permission for managing currencies and exchange rates https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11911 [Bug 11911] Add separate permission for managing suggestions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=11375 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #9 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Working on a rebase, small conflict caused by http://git.koha-community.org/gitweb/?p=koha.git;a=blobdiff;f=C4/Auth.pm;h=1... Will see how far I get. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #75545|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|7651, 11911 |20226 CC| |oleonard@myacpl.org --- Comment #10 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Hi Kyle, I think with Koha's code having moved since this was originally written, this needs more of a rebase than I can handle :( Do you think you will have time to work on this? I'd really like to help move this along and will make time for it. Some things I noticed so far: - CATCODE_MULTI will be removed by bug 20226 - We have the patron object available in the templates now, so won't need the template variables (bug 18789) - We already got a has_permission in Patron.pm, so this gets doubled up by the patch - There is also a is_child that could simplify some of the code - Do we still need the description column in the permission table? We could think about removing it as the descriptions are in the templates. - Database update appears to be missing - Why the change to member in members-toolbar.inc? - Got confused by having both Koha::Patron::Permission(s) and Koha::Permission(s) - Owen is trying to get rid of the tree view on bug 11375 - maybe something to talk about before moving forward here or there. - I feel like we should keep part of the copyright on top of member-flags.pl I am thinking about moving on with my patch for making granular administration permissions that I had started as it might not be too hard to adapt this patch set (bug 14391). Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7651 [Bug 7651] Add separate permission for managing currencies and exchange rates https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11911 [Bug 11911] Add separate permission for managing suggestions https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20226 [Bug 20226] Get rid of CATCODE_MULTI param decision in patron perl scripts -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Failed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Bug 20813 depends on bug 20226, which changed state. Bug 20226 Summary: Get rid of CATCODE_MULTI param decision in patron perl scripts https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20226 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@bugs.koha-c | |ommunity.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #11 from Kyle M Hall <kyle@bywatersolutions.com> --- I do not plan on continuing to develop this code. If anyone wished to pick it up and work on it, or use it as inspiration for a re-write, they are most welcome to it! I will remove myself as the assignee. (In reply to Katrin Fischer from comment #10)
Hi Kyle,
I think with Koha's code having moved since this was originally written, this needs more of a rebase than I can handle :(
Do you think you will have time to work on this? I'd really like to help move this along and will make time for it.
Some things I noticed so far:
- CATCODE_MULTI will be removed by bug 20226 - We have the patron object available in the templates now, so won't need the template variables (bug 18789) - We already got a has_permission in Patron.pm, so this gets doubled up by the patch - There is also a is_child that could simplify some of the code - Do we still need the description column in the permission table? We could think about removing it as the descriptions are in the templates. - Database update appears to be missing - Why the change to member in members-toolbar.inc? - Got confused by having both Koha::Patron::Permission(s) and Koha::Permission(s) - Owen is trying to get rid of the tree view on bug 11375 - maybe something to talk about before moving forward here or there. - I feel like we should keep part of the copyright on top of member-flags.pl
I am thinking about moving on with my patch for making granular administration permissions that I had started as it might not be too hard to adapt this patch set (bug 14391).
-- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|kyle@bywatersolutions.com |koha-bugs@lists.koha-commun | |ity.org -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #12 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- :( But thx for the status update, Kyle. Maybe someone will be able to pick this up! -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #13 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Katrin Fischer from comment #12)
:(
But thx for the status update, Kyle. Maybe someone will be able to pick this up!
Maybe post it to the developers list? Perhaps another Koha developer would be interested in picking it up! -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lari Taskula <lari.taskula@hypernova.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=14540 CC| |lari.taskula@hypernova.fi -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #14 from Lari Taskula <lari.taskula@hypernova.fi> --- This would be really really really useful. The permission bits are one big headache because features introducing new ones will conflict with one another. And what about Koha plugins? Can they currently even add custom permission modules without eventually conflicting the bit value? +1 to this Bug -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #15 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Lari Taskula from comment #14)
This would be really really really useful. The permission bits are one big headache because features introducing new ones will conflict with one another.
And what about Koha plugins? Can they currently even add custom permission modules without eventually conflicting the bit value?
+1 to this Bug
I ran out of time to work on this, so if you want to pick it up please do! I wouldn't worry about plugins. I'm not aware of any plugins creating top level permissions. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #16 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- I've tried to rebase the remote branch this morning but the original commits embed too many unrelated changes, which makes the work non trivial. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #17 from Lari Taskula <lari.taskula@hypernova.fi> --- (In reply to Kyle M Hall from comment #15)
I wouldn't worry about plugins. I'm not aware of any plugins creating top level permissions.
I see it likely that someone at some point will need it. Also, as discussed on #koha IRC [1], we noticed we will soon hit the top limit of borrowers.flags, making this Bug relevant and something that we should definitely look into. Hopefully we can find funding to continue this Bug. [1] http://irc.koha-community.org/koha/2020-07-29#i_2272965 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m --- Comment #18 from Fridolin Somers <fridolin.somers@biblibre.com> --- This bug is now even more relevant for security reasons -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #19 from David Cook <dcook@prosentient.com.au> --- For a while, I've been fantasizing about an RBAC or ABAC permission system, but I think modernizing Koha's AuthZ might be an insurmountable task. I like the idea of groups too. Administrators, Cataloguers, and Circulation as three out-of-the-box groups with default permissions set. Rather than setting permissions for individual users, the average library might just assign users to groups and manage permissions at the group level. I think someone needs to do something (although it's not going to be me). -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |kyle@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |normal -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #75542|0 |1 is obsolete| | Attachment #75543|0 |1 is obsolete| | Attachment #75544|0 |1 is obsolete| | --- Comment #20 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 124834 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124834&action=edit Bug 20813: Update db schema -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #21 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 124835 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124835&action=edit Bug 20813: Revamp user permissions system Koha's current user permissions system is a bit convoluted and limited due to it's legacy where the permissions system was a simple set of flags. A second layer of sub-permissions were later added complication and obfuscation to the system. We should revamp the permissions system to be a more modern system and open the path to having unlimited nesting of sub-permissions instead of shoe-horning sub-permissions into the limited system we have. Test Plan: 1) Apply this patch set 2) Run updatedatabase.pl 3) Restart all the things! 4) Koha should still enforce user permissions as before -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #22 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 124836 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=124836&action=edit Bug 20813: Remove deleted table -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #23 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Fridolin Somers from comment #18)
This bug is now even more relevant for security reasons
Given that, I've rebased this patch set. I haven't tested it at all yet. Please let me know if it any issue! Given the age of the patches, I think a fresh sign-off is in order! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andrew@bywatersolutions.com Status|Needs Signoff |Failed QA --- Comment #24 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- These apply ok, but then I just get the web installer on my testing docker. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #25 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126280 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126280&action=edit Bug 20813: Remove flags references from Patron.pm, fix method has_permission -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #124834|0 |1 is obsolete| | Attachment #124835|0 |1 is obsolete| | Attachment #124836|0 |1 is obsolete| | Attachment #126280|0 |1 is obsolete| | --- Comment #26 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126281 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126281&action=edit Bug 20813: Update db schema -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #27 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126282 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126282&action=edit Bug 20813: Revamp user permissions system Koha's current user permissions system is a bit convoluted and limited due to it's legacy where the permissions system was a simple set of flags. A second layer of sub-permissions were later added complication and obfuscation to the system. We should revamp the permissions system to be a more modern system and open the path to having unlimited nesting of sub-permissions instead of shoe-horning sub-permissions into the limited system we have. Test Plan: 1) Apply this patch set 2) Run updatedatabase.pl 3) Restart all the things! 4) Koha should still enforce user permissions as before -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #28 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126283 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126283&action=edit Bug 20813: Remove deleted table -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #29 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126284 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126284&action=edit Bug 20813: Update atomic update to new format -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #30 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126285 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126285&action=edit Bug 20813: Remove flags references from Patron.pm, fix method has_permission -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #126281|0 |1 is obsolete| | Attachment #126282|0 |1 is obsolete| | Attachment #126283|0 |1 is obsolete| | Attachment #126284|0 |1 is obsolete| | Attachment #126285|0 |1 is obsolete| | --- Comment #31 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126287 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126287&action=edit Bug 20813: Update db schema -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #32 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126288 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126288&action=edit Bug 20813: Revamp user permissions system Koha's current user permissions system is a bit convoluted and limited due to it's legacy where the permissions system was a simple set of flags. A second layer of sub-permissions were later added complication and obfuscation to the system. We should revamp the permissions system to be a more modern system and open the path to having unlimited nesting of sub-permissions instead of shoe-horning sub-permissions into the limited system we have. Test Plan: 1) Apply this patch set 2) Run updatedatabase.pl 3) Restart all the things! 4) Koha should still enforce user permissions as before -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #33 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 126289 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=126289&action=edit Bug 20813: Remove deleted table -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #34 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- ERROR - {UNKNOWN}: DBI Exception: DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`koha_myclone`.`user_permissions`, CONSTRAINT `user_permissions_ibfk_2` FOREIGN KEY (`code`) REFERENCES `permissions` (`code`)) at /usr/share/koha/C4/Installer.pm line 736 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #35 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #34)
ERROR - {UNKNOWN}: DBI Exception: DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`koha_myclone`.`user_permissions`, CONSTRAINT `user_permissions_ibfk_2` FOREIGN KEY (`code`) REFERENCES `permissions` (`code`)) at /usr/share/koha/C4/Installer.pm line 736
Repeated the install on a fresh system without this warning. Benefit of the doubt. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #36 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- But couldnt get thru onboarding with your patches. Borrowers from the optional data were not inserted too. There must be references to flags still somewhere. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |m.de.rooy@rijksmuseum.nl |y.org | Status|Needs Signoff |Failed QA Severity|major |enhancement --- Comment #37 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- C4/Acquisition.pm: my $sth = $dbh->prepare("SELECT flags FROM borrowers WHERE borrowernumber = ?"); C4/Auth.pm:"select borrowernumber, firstname, surname, flags, borrowers.branchcode, branches.branchname as branchname, email from borrowers left join branches on borrowers.branchcode=branches.branchcode where userid=?" C4/Members.pm: AND ( borrowers.flags IS NULL OR borrowers.flags = 0 ) t/db_dependent/Serials_2.t: UPDATE borrowers SET flags=? WHERE borrowernumber=? t/db_dependent/api/v1/holds.t: flags => 80, #borrowers and reserveforothers flags t/db_dependent/api/v1/patrons_extended_attributes.t: value => { flags => 2**4 } # 'borrowers' flag == 4 t/db_dependent/api/v1/patrons_holds.t: value => { flags => 2 ** 4 } # 'borrowers' flag == 4 This is just top of the iceberg. Looks like this development is far from ready. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #38 from David Cook <dcook@prosentient.com.au> --- This is just an aside but "unlimited nesting of sub-permissions" sounds like it would be difficult to maintain and process, but maybe I'm misunderstanding the proposal. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #39 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- I've discussed this a little offline with a few people but never found a moment to put it down as a comment here. I think this bug starts going in the right direction.. but.. I don't think we should continue down the route of 'nesting' permissions in a hierarchy. I'd rather see 'a bag of permissions' and then ways to arbitrarily group them.. be that for 'roles' or 'permissions groups' or whatever. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #40 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #39)
I've discussed this a little offline with a few people but never found a moment to put it down as a comment here.
I think this bug starts going in the right direction.. but..
I don't think we should continue down the route of 'nesting' permissions in a hierarchy.
I'd rather see 'a bag of permissions' and then ways to arbitrarily group them.. be that for 'roles' or 'permissions groups' or whatever.
Agreed. I think a good first step would be to have a single coherent way of fetching and checking permissions (ie authorizations) across Koha, and then we can incrementally improve the creation and organisation of permissions. Right now, we use "C4::Auth::haspermission($userid,$flagsrequired)" in order to get our permission data structure, when really we should be doing something like "Koha::Auth->is_authorized({ flags => $flags, flagsrequired => $flagsrequired })" Bug 31389 takes the $flags data structure and translates it into something that can be used for the template authorizations. Koha::Auth->is_authorized could actually leverage Koha::Auth::Permissions->get_authz_from_flags(). Or something new could be made that fits the different scenarios. -- Overall, we're not doing anything too complicated with permissions/authorizations. Maybe I could have another look at this sometime... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #41 from David Cook <dcook@prosentient.com.au> --- (In reply to Marcel de Rooy from comment #37)
This is just top of the iceberg. Looks like this development is far from ready.
Yikes... yeah maybe it'll be a while before we get rid of flags... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #42 from David Cook <dcook@prosentient.com.au> --- I like a lot of things from these patches, but I reckon they could probably be broken up into a number of smaller issues. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #43 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #42)
I like a lot of things from these patches, but I reckon they could probably be broken up into a number of smaller issues.
- Refactor C4::Auth::getuserflags() and move to Koha::Auth::Permissions->get_flags() with unit tests - Refactor Koha::Auth::Permissions->get_authz_from_flags to build a fully populated authz hash, and then create Koha::Auth::Permissions->get_template_authz_from_authz() - Refactor C4::Auth::haspermission() (this is actually used more extensively through Koha than I originally thought...) - Update Acquisition.pm, Budgets.pm, about.pl, and other users of authorization data checks outside of the initial AuthZ check on page load... The goal of the above is to centralize the business logic of permission/authorization checks in Koha, so we're not repeating complex code structures throughout the app. - Finally, move "flags" column into "user_permissions" table (that said, this could have unexpected consequences for borrower_modifications and deletedborrowers...)(this also will have consequences with manual SQL and tests) The goal of the above is to free us from the bit-packed "flags" integer and separate sub-permission table, so that it's easier to create and organise flags/permissions. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #44 from David Cook <dcook@prosentient.com.au> --- Want to work on this since it's fresh in the mind... but better work on OIDC instead... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #45 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to David Cook from comment #44)
Want to work on this since it's fresh in the mind... but better work on OIDC instead...
If you do decide to, I'll be happy to sign/qa anything you do :) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=7003 CC| |caroline.cyr-la-rose@inlibr | |o.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Katie Bliss <kebliss@dmpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kebliss@dmpl.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lisette@bywatersolutions.co | |m Depends on| |38141, 38140, 38139, 38137, | |38063 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38063 [Bug 38063] Add batch patron permission modification https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38137 [Bug 38137] Refactor Koha::Auth::Permissions->get_authz_from_flags to build a fully populated authz hash, and then create Koha::Auth::Permissions->get_template_authz_from_authz() https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38139 [Bug 38139] Refactor C4::Auth::getuserflags() and move to Koha::Auth::Permissions->get_flags() with unit tests https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38140 [Bug 38140] pdate Acquisition.pm, Budgets.pm, about.pl, and other users of authorization data checks outside of the initial AuthZ check on page load https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38141 [Bug 38141] Move "flags" column into "user_permissions" table -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Michelle Spinney <mspinney@clamsnet.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mspinney@clamsnet.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Miranda Nero <mnero@oslri.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mnero@oslri.net -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Blou <philippe.blouin@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|20956 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 [Bug 20956] BorrowersLog is not logging permission changes -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Brendan Lawlor <blawlor@clamsnet.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |blawlor@clamsnet.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=18787 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |41549 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41549 [Bug 41549] Add Koha::Permission object -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |41550 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 [Bug 41550] Add Koha::Role object -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |41551 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41551 [Bug 41551] Build migration tool for new permissions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |41845 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41845 [Bug 41845] Don't mix "allow" and "restrict" permissions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=40546 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|41845 | Status|Failed QA |ASSIGNED Assignee|kyle@bywatersolutions.com |lisette@bywatersolutions.co | |m Depends on| |41845 --- Comment #46 from Lisette Scheer <lisette@bywatersolutions.com> --- Setting this back to assigned as Martin and I are working on an overhaul. This is the omnibus for all the changes we're working on, there's a tree Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41845 [Bug 41845] Don't mix "allow" and "restrict" permissions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|38137 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38137 [Bug 38137] Refactor Auth to check the new Koha::AccessControl::Permissions and Koha::AccessControl::Roles objects -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Bug 20813 depends on bug 38063, which changed state. Bug 38063 Summary: Add batch patron permission modification https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38063 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|41549 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41549 [Bug 41549] Add Koha::AccessControl::Permission object -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|38063 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38063 [Bug 38063] Add batch patron permission modification -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|38140 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38140 [Bug 38140] Update Acquisition.pm, Budgets.pm, about.pl, and other users of authorization data checks outside of the initial AuthZ check on page load -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|38141 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38141 [Bug 38141] Move "flags" column into "user_permissions" table -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|41550 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 [Bug 41550] Add Koha::AccessControl::Role object -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|38139 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38139 [Bug 38139] Refactor C4::Auth::getuserflags() and move to Koha::Auth::Permissions->get_flags() with unit tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- URL|https://github.com/bywaters |https://docs.google.com/doc |olutions/bywater-koha-devel |ument/d/e/2PACX-1vT7Pi2SZjD |/tree/bug_20813 |jf09LNw_k-XZwkSg8c88kzAJOXF | |4BW0s1ffjTKWVsSG3WClTriJ5YX | |6Dt_pbP8hQ1O3TE/pub -- You are receiving this mail because: You are watching all bug changes.
From the spec I linked above, these are 2 of the big sections about the overall
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #47 from Lisette Scheer <lisette@bywatersolutions.com> --- plan, I'll also add the spec sections to the relevant bugs. The current Koha permissions system has evolved organically over 20+ years, resulting in mixed ideologies, inconsistent granularity, and architectural confusion. This proposal outlines a modern Role-Based Access Control (RBAC) system that provides: - Clear separation of concerns (resources, actions, scopes) - Consistent CRUD patterns across all modules - Role-based abstraction for easier administration - Library/branch-level scoping built into the core model - Backward compatibility during migration - Future extensibility for multi-tenancy and advanced features Core Principles - Resources not Functions - Permissions apply to resources (Patrons, Items, Budgets) - CRUD Consistency - Every resource has standard Create, Read, Update, Delete - Scope Separation - Library/branch restrictions are separate from permissions - Role Abstraction - Users assigned roles, roles have permissions - Explicit Dependencies - Permission prerequisites are enforced in code - Extensible - Easy to add new resources and actions User → Role → Permission → Resource + Action + Scope -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #48 from Lisette Scheer <lisette@bywatersolutions.com> --- Example of actions: | Action | Description | Example | | ------- | ----------------- | --------------------- | | create | Add new resources | Create new patron | | read | View resources | View patron details | | update | Modify existing | Update patron address | | delete | Remove resources | Delete patron record | | list | Search/browse | Search all patrons | | execute | Run operations | Run a report | | manage | Full control | All patron operations | | ------- | ----------------- | --------------------- | Example of scopes: | Scope | Description | Example | | ------------- | -------------------- | ------------------------ | | own | Only own records | Own created reports | | own_library | Own branch | Patrons from own library | | library_group | Library group/system | Multi-branch system | | any | All libraries | System-wide access | | none | No restrictions | System preferences | Resource: patrons Actions: create, read, update, delete, list, merge Scopes: own_library, library_group, any Resource: patron_attributes Actions: create, read, update, delete Scopes: own_library, any Resource: patron_categories Actions: create, read, update, delete, list Scopes: none (system-wide configuration) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Paul Derscheid <paul.derscheid@lmscloud.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |paul.derscheid@lmscloud.de -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Aude Charillon <aude.charillon@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aude.charillon@openfifth.co | |.uk -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Sally <sally.healey@cheshiresharedservices.gov.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sally.healey@cheshireshared | |services.gov.uk -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |42643 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42643 [Bug 42643] [OMNIBUS] Assorted performance and stability work -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 Chip Halvorsen <Chip.Halvorsen@WestlakeLibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Chip.Halvorsen@WestlakeLibr | |ary.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=39199 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=42663 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #49 from David Cook <dcook@prosentient.com.au> --- Something to keep in mind is how we're going to get the user, their role, and their permissions. A lot of our use of C4::Context->userenv has been pretty problematic over the years. We've got an opportunity to fix that. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 --- Comment #50 from David Cook <dcook@prosentient.com.au> --- Another thing to keep in mind is the API. As I talk about on https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39199#c14 there are times where a user acts on their own behalf (ie the OPAC), and then there are times where a staff user does things to/for other users, or even on their behalf (in cases like holds). -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org