https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30230
--- Comment #37 from David Cook <[email protected]> --- (In reply to Lucas Gass from comment #36) > > This permission is only there to allow search and list view of members, no > > access to the details of each member (moremember.pl) and therefore in my > > opinion no update... I've missed something else, or perhaps I'm > > misunderstanding you. > > If staff can see/view borrower information before the patchset they need to > have the same behavior after the patchset. I agree with Lucas. Another way to think of it is as "view" rather than "list". The user could just visit http://localhost:8081/api/v1/patrons?_page=1&_per_page=100 and see all the details, so it doesn't really make sense to stop them from seeing the moremember.pl page. (We just need to make sure someone with list_borrowers only can't add/update borrowers. They're fine to view them.) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
