https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030

--- Comment #9 from Martin Renvoize (ashimema) 
<[email protected]> ---
Created attachment 201754
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201754&action=edit
Bug 43030: Allow self-access to /patrons and /patrons/{patron_id}

Adds allow-owner to the GET /patrons collection and GET/PUT
/patrons/{patron_id} endpoints, so a staff member without
list_borrowers/edit_borrowers can still view/edit their own patron
record, scoped automatically to just themselves on the collection.

update() now fetches via objects.find_rs (Koha::Patrons->new, not
->search_limited) so it goes through the new ownership check without
also picking up the unrelated branch-visibility restriction that
search_limited applies to get()/list() -- update never had that
restriction and picking it up would silently break staff who hold
edit_borrowers but not view_borrower_infos_from_any_libraries.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to