https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230
--- Comment #11 from David Cook <[email protected]> --- (In reply to David Cook from comment #10) > Note the autocomplete also gives a 403... {"error":"Authorization failure. Missing required permission(s).","required_permissions":[{"borrowers":"edit_borrowers"},{"tools":"label_creator"},{"serials":"routing"},{"acquisition":"order_manage"}]} -- The authorizations/permissions need a comprehensive review/restructure. I think we've known that for a while. For instance, the reason why I can't retrieve patrons from other branches for checkout is because I don't have the sub permission "view_borrower_infos_from_any_libraries". But because I don't have "edit_borrower", I can't see borrower info from my current library either anyways. The authorization here makes no sense. -- I don't think this issue is really fixable on its own. It would require systemic changes to other functionality to really get it right. A short-term fix might be to create a new subpermission called "view_borrowers" and require circ staff to have that but even that's not quite right. We've worked ourselves into a corner with the current permissions and the functionality. Maybe we do just let "circulate_remaining_permissions" view member.pl and have that implicitly have the ability to "view patron information" despite it not really adhering to the explicit goals of the permission system. That's probably the unfortunate solution here... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
