https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=43030
--- Comment #9 from Martin Renvoize (ashimema) <[email protected]> --- Created attachment 201754 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201754&action=edit Bug 43030: Allow self-access to /patrons and /patrons/{patron_id} Adds allow-owner to the GET /patrons collection and GET/PUT /patrons/{patron_id} endpoints, so a staff member without list_borrowers/edit_borrowers can still view/edit their own patron record, scoped automatically to just themselves on the collection. update() now fetches via objects.find_rs (Koha::Patrons->new, not ->search_limited) so it goes through the new ownership check without also picking up the unrelated branch-visibility restriction that search_limited applies to get()/list() -- update never had that restriction and picking it up would silently break staff who hold edit_borrowers but not view_borrower_infos_from_any_libraries. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
