https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35227
--- Comment #2 from Marcel de Rooy <[email protected]> --- Testing with user acevedo giving him label_creator and staff access. Fill few 'sensitive' fields like address, date_of_birth, email, mobile, staff_notes. Check results for /api/v1/patrons Acevedo received [partial output] for another patron (superlib): { "address": "Geheim adres", "cardnumber": "1", "category_id": "S", "check_previous_checkout": "inherit", "date_enrolled": "2023-11-02", "date_of_birth": "2000-11-01", "email": "[email protected]", "expiry_date": "2099-12-31", "firstname": "Koha", "lang": "default", "library_id": "MPL", "login_attempts": 0, "mobile": "p3", "patron_id": 1, "phone": "p1", "privacy": 1, "privacy_guarantor_checkouts": 0, "secondary_phone": "p2", "staff_notes": "circ_notes", "surname": "Admin", "updated_on": "2023-11-02T08:26:04+00:00", "userid": "koha.admin" }, How did the authorization go ? is_accessible => can_see_patron_infos => can_see_patrons_from => can_see_things_from + permission => 'borrowers', subpermission => 'view_borrower_infos_from_any_libraries', can_see_things_from RETURNS 1 for own branch ! In contrast to the POD line: Return true if the I<Koha::Patron> can perform some action on the given thing => The permission passed is only checked after if ( $self->branchcode eq $branchcode ) { $can = 1; -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
