[Bug 36085] New: Protected Status should come with a permission
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Bug ID: 36085 Summary: Protected Status should come with a permission Change sponsored?: --- Product: Koha Version: 23.11 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: kelly@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com With the new enhancement, 26170, add protected status to patrons, this allows any patron to be updated/edited to be a 'protected patron'. Staff with 'edit borrowers' permission will be able to update this status. I believe there should be a permission to allow for this field to be updated/edited within Koha. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |emily.lamancusa@montgomeryc | |ountymd.gov Depends on| |26170 --- Comment #1 from Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> --- +1 for adding a permission! Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26170 [Bug 26170] Add protected status for patrons -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #2 from David Cook <dcook@prosentient.com.au> --- Mmm that's an interesting one. My original vision for this was to have it manageable only be superlibrarians (or no web users at all even). It looks like Magnus thought about a permission for changing the protected flag in comment 14 of bug 26170. The hard part about adding a permission is then who is allowed to set that permission? (Sort of a "who watches the watcher" scenario.) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|23.11 |Main CC| |pedro.amorim@ptfs-europe.co | |m --- Comment #3 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- At the hackfest in Marseille we had a long discussion about a potential new permission system based on CRUD and objects. Having a permission for a single field goes a bit beyond that. I'd be interested to hear about the use case for needing the extra protection here. Are you worried that staff will remove the protected status willingly? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #4 from Kelly McElligott <kelly@bywatersolutions.com> --- Yes, having that extra layer of protection with a permission. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katie Bliss <kebliss@dmpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kebliss@dmpl.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jake.deery@ptfs-europe.com Status|NEW |ASSIGNED -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |jake.deery@ptfs-europe.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #5 from Jake Deery <jake.deery@ptfs-europe.com> --- See: https://chat.koha-community.org/koha-community/pl/bnfop47u8ifauf4gpnby4rdd8y It would be nice to have a discussion on some use-cases before deciding which direction to take on this bug. Is it because we are worried librarians might erroneously pick the wrong option for their needs, or that the labelling of the options in memberentry.pl are too vague? Perhaps rather than a permission, we just need better documentation and in-line information? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jan Kissig <bibliothek@th-wildau.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bibliothek@th-wildau.de --- Comment #6 from Jan Kissig <bibliothek@th-wildau.de> --- As I understand the protected status is preferred to administrative system users like sip2, api, selfcheck etc so that my colleagues at the counter cannot delete them accidentally. For standard patrons (which should not be protected in my opinion) a deletion cannot be done by accident, as there is always an inquiry like 'Are you sure ...' Therefore I would suggest that the protect flag should have permissions bound to it or even just be allowed to be set by superlibrarians. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #7 from Jake Deery <jake.deery@ptfs-europe.com> --- If I understand, then, the use case for this is really centred around superlibrarians protecting borrowers that are necessary for concurrent integrations to work? If this is so, I think cait's suggestion is probably optimal. It's what I like as well, so unless anyone objects, that's the route I will take. Thanks all for your input! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #8 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I am not sure I made one :D But do you mean tying to superlibrarian? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #9 from Jake Deery <jake.deery@ptfs-europe.com> --- That's correct cait, and I meant David Cook's comment rather, about using superlibrarian..! Apologies :-) I'll write a patch this afternoon -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #10 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- All good! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #11 from Jake Deery <jake.deery@ptfs-europe.com> --- Created attachment 169127 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=169127&action=edit Bug 36085: Only superlibrarians can protect patrons A drive-by patch which hopes to resolve bug 36085 by only allowing superlibrarians to protect or unprotect patrons. Test plan: a) prepare two koha staff users: 1) a superlibrarian 2) a user that only has permission to edit patrons b) when logged in as the user prepared in step a2 (non-superlibrarian), then go to edit any patron *) note how you can set the protected yes/no radios c) apply the patch d) repeat steps a-b as this same user *) note how you can now no longer see the protected yes/no radios e) log in as the user prepared in step a1 (superlibrarian), then repeat steps a-b f) note how the protected yes/no radios are back -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff --- Comment #12 from Jake Deery <jake.deery@ptfs-europe.com> --- A quick fix to this solution, until we have had time to think about how we want to handle these kinds of permissions in future..! :-) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jan Kissig <bibliothek@th-wildau.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jan Kissig <bibliothek@th-wildau.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #169127|0 |1 is obsolete| | --- Comment #13 from Jan Kissig <bibliothek@th-wildau.de> --- Created attachment 169129 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=169129&action=edit Bug 36085: Only superlibrarians can protect patrons A drive-by patch which hopes to resolve bug 36085 by only allowing superlibrarians to protect or unprotect patrons. Test plan: a) prepare two koha staff users: 1) a superlibrarian 2) a user that only has permission to edit patrons b) when logged in as the user prepared in step a2 (non-superlibrarian), then go to edit any patron *) note how you can set the protected yes/no radios c) apply the patch d) repeat steps a-b as this same user *) note how you can now no longer see the protected yes/no radios e) log in as the user prepared in step a1 (superlibrarian), then repeat steps a-b f) note how the protected yes/no radios are back Signed-off-by: Jan Kissig <jkissig@th-wildau.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Michelle Spinney <mspinney@clamsnet.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mspinney@clamsnet.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Christopher Brannon <cbrannon@cdalibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |37532 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37532 [Bug 37532] Protected status should have a permission to block editing patron -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Paul Derscheid <paul.derscheid@lmscloud.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Paul Derscheid <paul.derscheid@lmscloud.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #169129|0 |1 is obsolete| | --- Comment #14 from Paul Derscheid <paul.derscheid@lmscloud.de> --- Created attachment 170773 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170773&action=edit Bug 36085: Only superlibrarians can protect patrons A drive-by patch which hopes to resolve bug 36085 by only allowing superlibrarians to protect or unprotect patrons. Test plan: a) prepare two koha staff users: 1) a superlibrarian 2) a user that only has permission to edit patrons b) when logged in as the user prepared in step a2 (non-superlibrarian), then go to edit any patron *) note how you can set the protected yes/no radios c) apply the patch d) repeat steps a-b as this same user *) note how you can now no longer see the protected yes/no radios e) log in as the user prepared in step a1 (superlibrarian), then repeat steps a-b f) note how the protected yes/no radios are back Signed-off-by: Jan Kissig <jkissig@th-wildau.de> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #15 from Paul Derscheid <paul.derscheid@lmscloud.de> --- Created attachment 170774 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170774&action=edit Bug 36085: (QA follow-up) Tidy members/memberentry.pl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |me@paulderscheid.xyz |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Protected Status should |Setting and unsetting the |come with a permission |protected flag should be | |limited to superlibrarian | |accounts Keywords| |release-notes-needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |additional_work_needed --- Comment #16 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Are we OK that this change only applies to the GUI, but not to the REST API? What about the patron import? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |24.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #17 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Pushed for 24.11! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #18 from Jake Deery <jake.deery@ptfs-europe.com> --- Yes, we could probably do with a follow-up bug for this. I'll create one. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |37360 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37360 [Bug 37360] Add 'Protected Status' as one of the things that can be updated via Batch Patron Modification tool -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |37815 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37815 [Bug 37815] Protected flag permissions should be honoured in the REST API -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Jake Deery <jake.deery@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|additional_work_needed | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #19 from Jake Deery <jake.deery@ptfs-europe.com> --- See bug 37815 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Rebecca Coert <rcoert@arlingtonva.us> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rcoert@arlingtonva.us -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Emily Lamancusa (emlam) <emily.lamancusa@montgomerycountymd.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- Text to go in the| |Only patrons with release notes| |superlibrarian permissions | |will be able to set or | |remove the "Protected" flag | |on patron accounts Keywords|release-notes-needed | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com Status|Pushed to main |Needs documenting --- Comment #20 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Enhancement wont be backpoted to 24.05.x -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Marion Durand <marion.durand@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=39650 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 carthur@slolibrary.org <carthur@slolibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carthur@slolibrary.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Chip Halvorsen <Chip.Halvorsen@WestlakeLibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Chip.Halvorsen@WestlakeLibr | |ary.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #21 from carthur@slolibrary.org <carthur@slolibrary.org> --- Looking forward to this! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Michael Adamyk <michael.adamyk@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michael.adamyk@bywatersolut | |ions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |caroline.cyr-la-rose@inlibr | |o.com --- Comment #22 from Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> --- Is it on purpose that superlibrarians can no longer protect patrons upon creation? 1. With a superlibrarian account, go to Patrons > New patron > Choose any category --> Before this patchset : In "Library management" section, there is a Protected yes/no field --> After this patchset : the Protected option is no longer there. If I create a SIP account, I now have to create the account, then go back an edit it to add the protection. I'm wondering if this is an unexpected side-effect or on purpose... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Paul Derscheid <paul.derscheid@lmscloud.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |paul.derscheid@lmscloud.de --- Comment #23 from Paul Derscheid <paul.derscheid@lmscloud.de> --- Doesn't look like it. I think this is a bug. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 --- Comment #24 from Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> --- (In reply to Paul Derscheid from comment #23)
Doesn't look like it. I think this is a bug.
Thanks Paul, I'll file a bug report then! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36085 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |41946 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41946 [Bug 41946] Superlibrarian should be able to set protected status on patron creation -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org