[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Brendan Lawlor changed: What|Removed |Added CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 David Cook changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=20813 --- Comment #14 from David Cook --- (In reply to Lisette Scheer from comment #13) > Martin and I were talking recently and I'm hoping to work together with > folks at KohaCon for a rough spec of what all needs to get done that we > could finalize and try and finish at/hackfest 2026. I added a lightning talk > about what Martin and I came up with to help let people know it's a > discussion we'd like to start. > > Kyle's bug is 20813. > I filed 2 related bugs at KohaCon 2024 that are linked on 20813 that are the > main to do's that were blocking Kyle's work. Thanks for that, Lisette. We'll certainly need to put our heads together I reckon. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #13 from Lisette Scheer --- Martin and I were talking recently and I'm hoping to work together with folks at KohaCon for a rough spec of what all needs to get done that we could finalize and try and finish at/hackfest 2026. I added a lightning talk about what Martin and I came up with to help let people know it's a discussion we'd like to start. Kyle's bug is 20813. I filed 2 related bugs at KohaCon 2024 that are linked on 20813 that are the main to do's that were blocking Kyle's work. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #12 from David Cook --- I think this would be an interesting one to work on, but I think it would probably require a handful of devs to collaborate on / agree on the design. I think it would be too risky for one person to write up the whole thing only to find that it doesn't get any traction. -- I don't have any sponsorship for this one, but being able to provide default permissions by patron category has been on my backlog TODO list for over 12 years now, so it would be great to find a solution in some way, shape, or form. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #11 from David Cook --- Of course, the backend could be complicated, if we wanted to change how we do permissions a bit. Like would we map flags and subpermissions, or would we use a more expressive way of recording permissions per role? I think @Kyle had a bug report for that years ago but not sure what happened to it. I think it may have scared people, since permissions are such a central part of Koha, and change is scary. Not sure. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787
--- Comment #10 from David Cook ---
Thinking about where we'd need to update...
I think ultimately a user's permissions get returned by "getuserflags" in
C4/Auth.pm. The flags are used in "get_authz_from_flags" in
Koha/Auth/Permissions.pm to the "CAN_user_$module_$subperm" mappings, and
"haspermission" in C4/Auth.pm checks $flagsrequired (e.g. { self_check =>
'self_checkin_module' } ) against $flags from "getuserflags".
--
I actually have a user audit tool in my local Koha that shows you a
table/matrix of your users and their permissions, and that also uses
C4::Auth::getuserflags() to get a user's permissions, so that would dovetail
well too...
--
In theory, adding a simple role-based permission model might actually not be
too hard on the backend...
Looking at ./members/member-flags.pl it seems that the permissions shown are
derived more directly from the DB, so that's good. That said, I think we'd want
a way to show patrons their "effective permissions" too.
In the end, I think the UI/UX is probably going to be the hardest part of this
change actually.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #9 from David Cook --- Thinking about this again... and there really are a variety of options. 1. Default permissions by patron category at patron create time 2. Permission profiles chosen specifically at patron create time 3. Permissions by patron category that get merged into individual patron permissions at authorisation check time 4. Permissions by profile/role that get merged into individual patron permissions at authorisation check time 5. Others? Default permissions at patron create time would be easiest and the first one where it's done by patron category would be the easiest because it would require the fewest changes. But... lots of libraries have a single "Library Staff" category which wouldn't really fit the needs of different staff members performing different roles that need different permissions. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Lisette Scheer changed: What|Removed |Added CC||[email protected] ||m -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #8 from David Cook --- (In reply to David Cook from comment #7) > Thinking about this one again... > > Technically, you could do a version of this using IntranetUserJS. On the > /cgi-bin/koha/members/member-flags.pl page you could have a little dropdown > and when you select the desired profile it could check the necessary boxes > for you. > > It would be a very light touch semi-automated solution. > > I think a community supported version could have a database table for > storage, Vue UI for CRUD of profiles, and then on > /cgi-bin/koha/members/member-flags.pl still use the Javascript idea to > pre-select boxes based off the profile. (Alternatively, you could have some > other mechanism for doing the update, but it's an easy one.) And actually... I suspect we could leverage bug 30623 here as well... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #7 from David Cook --- Thinking about this one again... Technically, you could do a version of this using IntranetUserJS. On the /cgi-bin/koha/members/member-flags.pl page you could have a little dropdown and when you select the desired profile it could check the necessary boxes for you. It would be a very light touch semi-automated solution. I think a community supported version could have a database table for storage, Vue UI for CRUD of profiles, and then on /cgi-bin/koha/members/member-flags.pl still use the Javascript idea to pre-select boxes based off the profile. (Alternatively, you could have some other mechanism for doing the update, but it's an easy one.) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 David Cook changed: What|Removed |Added CC||[email protected] --- Comment #6 from David Cook --- *** Bug 31184 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #5 from Alexander Wagner --- Diving into the mentioned plugin I found indeed that it assumes each patron gains only one set of permissions (iow you can not be in more than one group). For this reason I came up with a small perl script than will handle permission setup for j2k. This script basically reads an input file giving the name of the role someone should have and her cardnumber. It will then create a patron list for the roles, add patrons to the list (for easy reference) and add permissions accordingly. This script could need a bit of improvement for general use. E.g. an immediate thing would be to move the hard coded hash for permissions to some source read in, and probably for koha purists the idea to have files around that implement the functions are not that common. (It's just easy for me to handle those files in git within j2k.) But maybe one could build upon it. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Marie-Luce Laflamme changed: What|Removed |Added CC||marie-luce.laflamme@inlibro ||.com --- Comment #4 from Marie-Luce Laflamme --- +1. This is a great idea! -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Alexander Wagner changed: What|Removed |Added CC||[email protected] --- Comment #3 from Alexander Wagner --- Indeed it would be nice to have something along the lines of unix-groups that assign certain rights. E.g. I could define what cataloguers can do or the ILL staff and then assign people to be cataloguer and/or ILL staff easily. Indeed, I spent some time to fiddle out that this seems not to exist (yet). In view of Bug 6223 also the term `roles` comes to mind. The https://github.com/bywatersolutions/koha-plugin-batch-permissions-modifier plugin Séverine mentioned goes in this direction indeed and populates permissions from a template user to all users on a given patron list. It works pretty well as far as I tested it, just in "auto" mode it seems not always to trigger. (IOW I had to run it manually from time to time to propagate permissions.) I'll have to check what happens if some user shows up in two lists, though. It doesn't look like this is meant to be. Configuration might get a bit ugly as one has to add template patrons and lists to handle all set up by bare numbers. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Amanda Campbell changed: What|Removed |Added CC|[email protected] | -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Amanda Campbell changed: What|Removed |Added CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 --- Comment #2 from Séverine Queune --- Just discovered this plugin, but not tested yet. https://github.com/bywatersolutions/koha-plugin-batch-permissions-modifier -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 e.betemps changed: What|Removed |Added CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Tom Misilo changed: What|Removed |Added CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Katrin Fischer changed: What|Removed |Added CC||[email protected] --- Comment #1 from Katrin Fischer --- *** Bug 6223 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Lee Jamison changed: What|Removed |Added CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Katrin Fischer changed: What|Removed |Added Version|16.11 |master -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 18787] Create permission profiles for staff users
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18787 Katrin Fischer changed: What|Removed |Added Summary|Create permission profils |Create permission profiles |for staff user |for staff users CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
