[Bug 35227] REST API: Restricted staff users can see patron info (not exposed via UI)
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35227 --- Comment #1 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Current API authorizations in this context: /patrons: get: x-koha-authorization: permissions: - borrowers: "edit_borrowers" - tools: "label_creator" - serials: "routing" - acquisition: "order_manage" post: x-koha-authorization: permissions: borrowers: edit_borrowers "/patrons/{patron_id}": get: x-koha-authorization: permissions: borrowers: edit_borrowers put: x-koha-authorization: permissions: borrowers: "1" delete: x-koha-authorization: permissions: borrowers: delete_borrowers -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org