https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36561
--- Comment #17 from David Cook <[email protected]> --- (In reply to Katrin Fischer from comment #16) > I feel like the permission description as is might cause some confusion > around staff, especially as it's currently only used on the API and has no > effect in the interface. > > Suggestion: > Verify user credentials via REST API That's a good point. I'd be happy with that suggestion. > I am not super happy about having a permission that only really makes sense > for the API right now, but not sure what else we could do? I agree that it feels weird, but I think over time it'll make more sense, especially if we grouped them. The other day I was setting up a SIP2 user, and I had no idea what permissions it should have. I patterned it off a previous one I'd set up, but it got me thinking how many unintended consequences can occur from our current permissions, especially in terms of interplay with the API. Realistically, you just want a SIP user to be able to connect to the SIP server and do SIP operations. I think many of us know our permission system is overdue for an overhaul, but no one is sure what direction to go. (I recall Martin suggesting how the Koha Foundation getting a consultant could be handy for architectural directions, and this is one that could be a good target...) > > Also: Should we do a database update assigning this permission to users with > borrowers permission currently? No, because the "borrowers" permission is already the top level, and they implicitly have this permission. We'd just want to encourage people to use this fine-grained permission moving forward. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
