[Koha-bugs] [Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Apr 10 23:32:24 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #1 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Created attachment 62010
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62010&action=edit
Bug 18403: Hide patron information if not part of the logged in user library
group

This patchset adds a new feature that will allow libraries inside a
single Koha installation to restrict access to information of patrons
that

The group of libraries feature is introduced by bug 15707, see this bug for
more
information.

Let's imagine that 2 groups G1 and G2 are defined and that they include 2
libraries
each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see
patron's
information from G1a and G1b.
To add more flexibility, a new user permission named
'view_borrower_infos_from_any_libraries'
will drive this behavior. If set, the patron will be able to see patron's
information
of any libraries.

If the restriction is set, the logged in user will not be able to search, show,
edit,
delete patron's information of patrons attached to groups of libraries outside
his
own group.
In situations we need to refer to a patron, for holds and checkouts for
instance,
and his information cannot be viewed, a text "A patron from library G1A" will
be
displayed.

Considered unecessary or outside the scope of this bug report:
* The report module is not affected by this feature for obvious reasons
* The firstname and surname of guarantors, basket (acq) managers, patrons
linked
to orders are still displayed.
* Log viewer: Can only be staff
* patron list: you cannot add patrons from another group of librairies, but can
see/delete from list (too much rewrite, or we can test for patron one by one?).
* "Patron card creator" tool is not impacted by this feature.
* Upload patron images is not impacted by this patch, should it be?
* Tools:
  - Upload patrons
  - Clean borrowers tool (This can can done easily updating
Koha::Patrons->search
with Koha::Patrons->search_limited in search_upcoming_membership_expires and
search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
Koha::Patrons first)
We can discuss these different points but will be other bug reports not to add
more complexity to this first patchset.

Test plan:
You will find a test plan in the following commit messages.
Start by creating different group of libraries and patrons with and without the
new permission. Open different browser sessions to ease the tests.
Note that all patches have to be applied to test the different test plans.

Technical notes:
For QAers (and others) a techical note will be added to the commit messages of
this
patchset. I would recommend you to read them one by one to understand the
different
steps of this development.

+ Special attention should be payed to the REST api changes
+ Should we restrict the logged in user to libraries from his group when
he wants to set his library (Home › Circulation › Set library)?

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list