--- Comment #63 from Jonathan Druart <> 
Created attachment 71500
Bug 18403: Hide patron information if not part of the logged in user library

This patchset adds a new feature that will allow libraries inside a
single Koha installation to restrict access to information of patrons

The group of libraries feature is introduced by bug 15707, see this bug for

Let's imagine that 2 groups G1 and G2 are defined and that they include 2
each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see
information from G1a and G1b.
To add more flexibility, a new user permission named
will drive this behavior. If set, the patron will be able to see patron's
of any libraries.

If the restriction is set, the logged in user will not be able to search, show,
delete patron's information of patrons attached to groups of libraries outside
own group.
In situations we need to refer to a patron, for holds and checkouts for
and his information cannot be viewed, a text "A patron from library G1A" will

Considered unecessary or outside the scope of this bug report:
* The report module is not affected by this feature for obvious reasons
* The firstname and surname of guarantors, basket (acq) managers, patrons
to orders are still displayed.
* Log viewer: Can only be staff
* patron list: you cannot add patrons from another group of librairies, but can
see/delete from list (too much rewrite, or we can test for patron one by one?).
* "Patron card creator" tool is not impacted by this feature.
* Upload patron images is not impacted by this patch, should it be?
* Tools:
  - Upload patrons
  - Clean borrowers tool (This can can done easily updating
with Koha::Patrons->search_limited in search_upcoming_membership_expires and
search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
Koha::Patrons first)
We can discuss these different points but will be other bug reports not to add
more complexity to this first patchset.

Test plan:
You will find a test plan in the following commit messages.
Start by creating different group of libraries and patrons with and without the
new permission. Open different browser sessions to ease the tests.
Note that all patches have to be applied to test the different test plans.

Technical notes:
For QAers (and others) a techical note will be added to the commit messages of
patchset. I would recommend you to read them one by one to understand the
steps of this development.

+ Special attention should be payed to the REST api changes
+ Should we restrict the logged in user to libraries from his group when
he wants to set his library (Home › Circulation › Set library)?

Signed-off-by: Signed-off-by: Jon McGowan <>

Signed-off-by: Jonathan Druart <>

You are receiving this mail because:
You are watching all bug changes.
Koha-bugs mailing list
website :
git :
bugs :

Reply via email to