[Koha-bugs] [Bug 37228] New: API endpoint to set password for patron requires full borrowers permission, but should only require 'edit_borrowers'

bugzilla-daemon--- via Koha-bugs Mon, 01 Jul 2024 11:04:45 -0700

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37228


            Bug ID: 37228
           Summary: API endpoint to set password for patron requires full
                    borrowers permission, but should only require
                    'edit_borrowers'
 Change sponsored?: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: REST API
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

On the staff side, a user with only edit_borrowers permission can change the
password on a patron account. That should be sufficient for changing the
password via API as well.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 37228] New: API endpoint to set password for patron requires full borrowers permission, but should only require 'edit_borrowers'

Reply via email to