https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #163 from Martin Renvoize <[email protected]> --- Regarding permissions.. So long as your user does not have 'view_borrower_infos_from_any_libraries' permission and they're not in a library group with other libraries and permission to view users within the group.. said user should receive a redacted copy of any user who resides in another library than their own when fetching them from the API via a search or an embed. (I believe we still return a 404 should they try to retrieve such a borrower directly however..?) So.. in short.. create a user (patron A) in one library with the catalogue permission only. Create some other patrons in other libraries. Test the API using patron A for login and confirm that your other patrons are returned in a redacted form (with most fields set to 'null' in the json response). -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
