https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38040
--- Comment #33 from David Cook <[email protected]> --- Created attachment 179714 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=179714&action=edit Bug 38040: [alternate] Restrict hold management if cannot see patron data This patch leverages the Koha::Patron->can_see_patron_infos() function to determine whether or not the UI will display hold management functions. If the logged in user cannot see the patron info, it seems to follow that they should not be able to manage the hold either. NOTE: This should work for both IndependentBranches and Library Group functionality. This is only the front-end modification. To be coded: a back-end modification that throws a 403 for stateful actions to holds the logged in user is not allowed to manage. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
