[Koha-devel] Exporting patron related data in REST API
Tomas Cohen Arazi
tomascohen at gmail.com
Thu Mar 18 02:10:01 CET 2021
Answering briefly because it is late. Will follow-up tomorrow. But prefered
to post now so you can think about it while I sleep!
Take a look at the patrons or better the orders routes and the x-koha-embed
header. It will take the output of an object method and try to call
->to_api recursively. If the method matches the name of a dbic relationship
it will allow filtering and prefetching the related things in the query.
With this mindset, what you would want to do is (probably) add methods and
list them in x-koha-embed. This is the 'you need to know what you want to
include' approach. But it will finally be something hardcore in the calling
page... Si not big deal in my opinion.
About the public part (and add an alternative to the previous paragraph),
to_api is designed so we can add more params that are passed to the
recursive calls. Look for the public items route bug. There, I introduce a
generic way for defining the to_api_public method to be called when
required. I wasn't sure about 'public' to be honest. It fits, but I feel
more attached to the idea of profiles. GDPR could be yet another profile.
I'd say 'what to include' should be configurable in an admin page.
My two cents.
El mié., 17 mar. 2021 21:28, Lari Taskula <lari.taskula at hypernova.fi>
escribió:
> Hi devs,
>
> I would appreciate your feedback on a couple of issues regarding Bug 20028
> that attempts to export all patron related personal data in one package.
> I'm having difficulties in choosing the best approach, so the help of fresh
> minds would be awesome.
>
> These are my questions.
>
> a) Code-wise, manually define what to include into the export, or
> automatically select all related objects with the help of DBIx
> relationships?
> 1.
> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=79381&action=diff
> and https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028#c11
> 2. https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028#c21
>
> I have written some proof of concept patches for the second approach of
> fetching related data by DBIx relationships. The idea behind this was
> that, assuming foreign keys are appropriately defined at database level, it
> would always return related data without us having to worry when a new
> patron-related database modification gets introduced. However, then we have
> to be sure we are not accidentally returning some unwanted columns.
>
> Explicitly defining what to include offers more straightforward control,
> but it's going to be a lot of objects (around 50, these are listed in the
> Bug), maintenance and the risk of data missing from the export after a
> database update. In terms of GDPR and good privacy practices in general it
> would not be nice if something was missing from the export.
>
> b) Terminology?
> What to do with REST API terminology for the response object (i.e.
> borrower vs patron)? A patron has many, many related objects, so how do we
> describe those objects in a way that satisfies our terminology
> requirements. We could use Koha-objects to_api(), or create a new
> to_public_api() for the purpose of public routes, but for some objects it's
> currently not possible (such as messaging preferences) because they are in
> development. Is it even in the scope of this Bug to worry about that? If we
> chose the manual path of explicitly defining what to export, like what was
> done in the original patch (see a.1.), terminology issues could perhaps be
> more easily tackled.
>
> If you have a moment, please check out the Bug, add some feedback and let
> me know which approach you'd prefer. Or perhaps you have even a better
> solution ;)
>
> Bug 20028: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028
>
> --
> Lari Taskula
> CEO, Hypernova Oy
> PL 16
> 80101 Joensuu, Finland
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : https://www.koha-community.org/
> git : https://git.koha-community.org/
> bugs : https://bugs.koha-community.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20210317/11d90939/attachment.htm>
More information about the Koha-devel
mailing list