[Koha-bugs] [Bug 24964] Do not filter patrons AFTER they have been fetched from the DB (when searching with permissions)

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Mar 25 12:37:03 CET 2020 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24964

Jonathan Druart <jonathan.druart at bugs.koha-community.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #101669|0                           |1
        is obsolete|                            |

--- Comment #3 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Created attachment 101686
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101686&action=edit
Bug 24964: Do not filter patrons after they have been fetched

The svc/members/search script is called in different places.
In some places (Set owner for a fund, add users to a fund, or set a
manager to a suggestion), we need patrons to be filtered depending on
the permissions they have.
For instance you can only set a fund's owner with a patron that has
acquisition.order_manage.

Currently we have fetching X (default 20) patrons, then filter them
depending on their permission.
Says you have 3 patrons that have the correct permissions but are not in
the 20 first patrons, if you do not define a search term, the search
result will be empty.

This is not ideal and we should filter when requesting the DB.

Test plan:
- Have more than 20 patrons, remove them their permissions
- Create 3 more:
1 superlibrarian
1 with the full acq permission
1 with acquisition.order_manage
- Create a fund and set a owner
- Search for patrons, without specifying a search term (to get them all)
=> Without this patch the new patrons you created are not displayed
=> With this patch they are!

Same test plan apply to set a manager to a suggestion (freshly pushed,
see bug 23590), with suggestions and suggestions.suggestions_manage

Note: The code has been written that way to rely on
C4::Auth::haspermission, but the SQL query is quite trivial and the gain
is important.

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list