[Koha-devel] Exporting patron related data in REST API

Lari Taskula lari.taskula at hypernova.fi
Thu Mar 18 01:28:25 CET 2021 

Hi devs,

I would appreciate your feedback on a couple of issues regarding Bug
20028 that attempts to exportall patron related personal data in one
package. I'm having difficulties in choosing the best approach, so the
help of fresh minds would be awesome.

These are my questions.

a) Code-wise, manually define what to include into the export, or
automatically select all related objects with the help of DBIx
relationships?
1.
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=79381&action=diff
and https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028#c11
2. https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028#c21
 
I have written some proof of concept patches for the second approach of
fetching related data by DBIx relationships. The idea behind this was
that, assuming foreign keys are appropriately defined at database level,
it would always return related data without us having to worry when a
new patron-related database modification gets introduced. However, then
we have to be sure we are not accidentally returning some unwanted columns.

Explicitly defining what to include offers more straightforward control,
but it's going to be a lot of objects (around 50, these are listed in
the Bug), maintenance and the risk of data missing from the export after
a database update. In terms of GDPR and good privacy practices in
general it would not be nice if something was missing from the export.

b) Terminology?
What to do with REST API terminology for the response object (i.e.
borrower vs patron)? A patron has many, many related objects, so how do
we describe those objects in a way that satisfies our terminology
requirements. We could use Koha-objects to_api(), or create a new
to_public_api() for the purpose of public routes, but for some objects
it's currently not possible (such as messaging preferences) because they
are in development. Is it even in the scope of this Bug to worry about
that? If we chose the manual path of explicitly defining what to export,
like what was done in the original patch (see a.1.), terminology issues
could perhaps be more easily tackled.

If you have a moment, please check out the Bug, add some feedback and
let me know which approach you'd prefer. Or perhaps you have even a
better solution ;)

Bug 20028: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028

-- 
Lari Taskula
CEO, Hypernova Oy
PL 16
80101 Joensuu, Finland

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20210318/6b4062f6/attachment.htm>

More information about the Koha-devel mailing list