[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #18 from Fiona Borthwick --- Would like to resurrect this one please. Not storing changes to patron permissions is a security concern. We are also finding this requirement coming up in tenders. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Fiona Borthwick changed: What|Removed |Added CC||fiona.borthwick@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #17 from Katrin Fischer --- I agree that we need a nice display in the log viewer at least, if we store it somewhat machine readable I would not mind that much as long as it display nicely in the GUI. Please also keep translatability in mind (also a pro for a template side solution). -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #16 from Christopher Brannon --- (In reply to Magnus Enger from comment #14) > How verbose should we do the logging? As far as I can tell, the information > about permissions is stored in a combination of borrowers.flags and the > user_permissions table. > > The information from the user_permissions table could probably be logged as > is, and be pretty readable. > > But the flags is just a number, that needs to be interpreted in some way to > make sense. Should we log just the number, or the interpretation? If this is a log that a non-admin should be able to interpret, it should be the interpretation. You could log both, especially for debugging, but the interpretation should definitely be there. Why put only the number and make people jump through hoops to interpret if the system can do it without sacrificing performance? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #15 from Kyle M Hall --- (In reply to Magnus Enger from comment #14) > How verbose should we do the logging? As far as I can tell, the information > about permissions is stored in a combination of borrowers.flags and the > user_permissions table. > > The information from the user_permissions table could probably be logged as > is, and be pretty readable. > > But the flags is just a number, that needs to be interpreted in some way to > make sense. Should we log just the number, or the interpretation? My initial concern was performance, but considering user permissions changes are not a frequent activity I think either solution is reasonable. Either decode it and store it as a list of key/value pairs or just log the binary representation with a link to a wiki page where we can explain how to decode it. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Magnus Enger changed: What|Removed |Added CC||mag...@libriotech.no --- Comment #14 from Magnus Enger --- How verbose should we do the logging? As far as I can tell, the information about permissions is stored in a combination of borrowers.flags and the user_permissions table. The information from the user_permissions table could probably be logged as is, and be pretty readable. But the flags is just a number, that needs to be interpreted in some way to make sense. Should we log just the number, or the interpretation? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Lisette Scheer changed: What|Removed |Added CC||lisette.scheer@bywatersolut ||ions.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Kyle M Hall changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=16436 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #13 from Katrin Fischer --- We just had a case where this kind of log would have been very useful. (In reply to Katrin Fischer from comment #11) > There are scripts that delete older entries from action_logs, something to > think about if you don't want these to be deleted by accident. We can limit deletions now to certain modules and even actions I think. So that should no longer be a problem. To be on the save side we could create a PermissionLog maybe? Keep it separate from other changes to the patron record and a separate module. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #12 from David Cook --- (In reply to Katrin Fischer from comment #11) > There are scripts that delete older entries from action_logs, something to > think about if you don't want these to be deleted by accident. I suppose that's a problem we'll face with any kind of logging potentially. But that does explain Kyle's suggestion of logging it outside of Koha. Log rotation would be up to the sysadmins. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #11 from Katrin Fischer --- There are scripts that delete older entries from action_logs, something to think about if you don't want these to be deleted by accident. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au --- Comment #10 from David Cook --- I reckon we log it in action_logs, but just make it so that it can't be toggled off. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #9 from Katrin Fischer --- I think action_logs would be the logical place for it as it also has the other changes to the patron account for the librarians as it can be looked up easily then, but something extermal might be nice additionally. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Kyle M Hall changed: What|Removed |Added CC||k...@bywatersolutions.com --- Comment #8 from Kyle M Hall --- It would be good to also log permission changes via Koha::Logger with a namespace so these changes can be logged to external facilities. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Tomás Cohen Arazi changed: What|Removed |Added CC||tomasco...@gmail.com --- Comment #7 from Tomás Cohen Arazi --- Should it be in the action_logs? Maybe another table? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Liz Rea changed: What|Removed |Added Priority|P5 - low|P2 Severity|enhancement |major --- Comment #6 from Liz Rea --- Also, due to the legalities, this is an actual missing feature that qualifies as a bug. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Liz Rea changed: What|Removed |Added CC||wizzy...@gmail.com --- Comment #5 from Liz Rea --- We definitely want to come back to this, there is a whole slew of legislation out right now that is going to require certifications that changes such as this can be audited (at least in the US, and I presume elsewhere). -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Lisette Scheer changed: What|Removed |Added CC||lisettesla...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #4 from Katrin Fischer --- It looks like bug 20813 is not happening, we might want to come back to this. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Katrin Fischer changed: What|Removed |Added Blocks||22794 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22794 [Bug 22794] Omnibus: Improve and extend logging in Koha -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 --- Comment #3 from Christopher Brannon --- I'm fine with waiting. Added dependency. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Christopher Brannon changed: What|Removed |Added Depends on||20813 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 [Bug 20813] Revamp user permissions system -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Katrin Fischer changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=20813 Severity|major |enhancement CC||katrin.fisc...@bsz-bw.de --- Comment #2 from Katrin Fischer --- I agree with both Christopher and Jonathan. We never logged permissions and this has never come up before, so I would also classify this as an enhancement. But at the same time I think it would be a very good and valuable addition. Currently there is some work done on permissions, we might want to wait for bug 20813 before implementing this. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org Version|17.05 |master --- Comment #1 from Jonathan Druart --- It sounds more like an enhancement request. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 20956] BorrowersLog is not logging permission changes
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20956 Josef Moravec changed: What|Removed |Added CC||josef.mora...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
