https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16631
Andrew Fuerste-Henry <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #129 from Andrew Fuerste-Henry <[email protected]> --- Where you've used the term "branch," you should instead use "library" (https://wiki.koha-community.org/wiki/Terminology) The model here is a bit inconsistent with how Koha manages library limitations and the related permission in other cases. For patron data, we have the permissions "edit_borrowers" and "view_borrower_infos_from_any_libraries." With just "edit_borrowers," one can interact with only patrons from one's own library/group and any patron one creates is automatically set to one's own library/group. When "view_borrower_infos_from_any_libraries" is added, one can interact with patrons from any library and choose any library when creating a patron. As you've implemented this, users without "Manage report limits" can only create reports that are shown to the whole system. It would be helpful if such a user were able to limit a report they create to only their own library. Similarly, it would be helpful if such a user were able to filter the list of saved reports to show only the reports limited to their library (hiding the reports without limits). I'd like to see the "Manage report limits" permission here changed to "View all reports" and for these permissions to be enforced such that: - a user with create_reports but not view_all_reports can save a report as either un-limited or limited to only their own library. - a user with execute_reports but not view_all_reports can see reports without library limit or reports limited to their library and can use the library filter on the list of saved reports - a user with delete_reports but not view_all_reports can *only* delete reports limited to their own library. This makes deletion inconsistent with creation and execution, but I think that inconsistency is outweighed by the worry that a user will delete system-wide reports that other libraries depend on. Maybe we also need a distinct delete_all_reports permission? The issue of system-wide report deletion also exists with the existing permissions structure of your patches. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
