https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28680
Bug ID: 28680
Summary: Staff without edit_borrower permission still see
patron information
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Patrons
Assignee: koha-bugs@lists.koha-community.org
Reporter: bwsdo...@gmail.com
QA Contact: testo...@bugs.koha-community.org
CC: gmcha...@gmail.com, kyle.m.h...@gmail.com
The permission edit_borrowers specifies: Add, modify and view patron
information. However, when that permission is not enabled, staff can view
patron information in a number of places, including holds queue,
circulation.pl, waitingreserves.pl, and pendingreserves.pl.
In the Holds Queue staff can see patron name and other info for patrons at
their library, but patrons from other libraries show "patron from central
branch" etc. When looking at a bib record, if an item is checked out, only the
borrower number is displayed.
This should be consistent, where staff without that permission only see a
borrower number and nothing else.
To replicate, create a staff member with only permissions catalogue ( to log
in) and circulate_remaining_permissions. Check out to a patron, see the holds
queue, etc and see that the patron information is displayed.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
