[Bug 18403] New: Hide patron information if not part of the logged in user library group

classic Classic list List threaded Threaded
151 messages Options
1234 ... 6
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] New: Hide patron information if not part of the logged in user library group

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

            Bug ID: 18403
           Summary: Hide patron information if not part of the logged in
                    user library group
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: ASSIGNED
          Severity: new feature
          Priority: P5 - low
         Component: Patrons
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email], [hidden email]

Add the ability to hide patron record information from any other library
(outside the group).

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |18402, 16735, 17829


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16735
[Bug 16735] Replace existing library search groups functionality with the new
hierarchical groups system
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17829
[Bug 17829] Move GetMember to Koha::Patron
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18402
[Bug 18402] Add the Koha::Item->checkout method
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |Needs Signoff

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #1 from Jonathan Druart <[hidden email]> ---
Created attachment 62010
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62010&action=edit
Bug 18403: Hide patron information if not part of the logged in user library
group

This patchset adds a new feature that will allow libraries inside a
single Koha installation to restrict access to information of patrons
that

The group of libraries feature is introduced by bug 15707, see this bug for
more
information.

Let's imagine that 2 groups G1 and G2 are defined and that they include 2
libraries
each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see
patron's
information from G1a and G1b.
To add more flexibility, a new user permission named
'view_borrower_infos_from_any_libraries'
will drive this behavior. If set, the patron will be able to see patron's
information
of any libraries.

If the restriction is set, the logged in user will not be able to search, show,
edit,
delete patron's information of patrons attached to groups of libraries outside
his
own group.
In situations we need to refer to a patron, for holds and checkouts for
instance,
and his information cannot be viewed, a text "A patron from library G1A" will
be
displayed.

Considered unecessary or outside the scope of this bug report:
* The report module is not affected by this feature for obvious reasons
* The firstname and surname of guarantors, basket (acq) managers, patrons
linked
to orders are still displayed.
* Log viewer: Can only be staff
* patron list: you cannot add patrons from another group of librairies, but can
see/delete from list (too much rewrite, or we can test for patron one by one?).
* "Patron card creator" tool is not impacted by this feature.
* Upload patron images is not impacted by this patch, should it be?
* Tools:
  - Upload patrons
  - Clean borrowers tool (This can can done easily updating
Koha::Patrons->search
with Koha::Patrons->search_limited in search_upcoming_membership_expires and
search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
Koha::Patrons first)
We can discuss these different points but will be other bug reports not to add
more complexity to this first patchset.

Test plan:
You will find a test plan in the following commit messages.
Start by creating different group of libraries and patrons with and without the
new permission. Open different browser sessions to ease the tests.
Note that all patches have to be applied to test the different test plans.

Technical notes:
For QAers (and others) a techical note will be added to the commit messages of
this
patchset. I would recommend you to read them one by one to understand the
different
steps of this development.

+ Special attention should be payed to the REST api changes
+ Should we restrict the logged in user to libraries from his group when
he wants to set his library (Home › Circulation › Set library)?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #2 from Jonathan Druart <[hidden email]> ---
Created attachment 62011
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62011&action=edit
Bug 18403: Add new method Koha::Library->library_group

This is more a follow-up for bug 15707. It could be moved on its own bug report
if necessary.

Test plan:
  prove t/db_dependent/LibraryGroups.t
should return green

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #3 from Jonathan Druart <[hidden email]> ---
Created attachment 62012
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62012&action=edit
Bug 18403: Add new method Koha::Library::Group->has_child

This is more a follow-up for bug 15707. It could be moved on its own bug report
if necessary.

IMPORTANT NOTE: At the moment the feature only works for 1 level depth, see
bug 15707 comment 166+ for the discussion

It means that if we have:
 root_group
     + groupA
         + groupA1
             + groupA1_library2
         + groupA_library1
         + groupA2
     + groupB
         + groupB_library1
groupA1_library2 is not considered a child of groupA1.
Note that this can change.

Test plan:
  prove t/db_dependent/LibraryGroups.t
should return green

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #4 from Jonathan Druart <[hidden email]> ---
Created attachment 62013
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62013&action=edit
Bug 18403: Send logged_in_user to template from C4::Auth

Technical note:
To ease future changes we are passing a logged_in_user variable to templates.
It contains the Koha::Patron object representing the logged in patron.
This will be very useful for this patch and even after (for instance we will be
able to replace easily loggedinusername and loggedinusernumber).

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #5 from Jonathan Druart <[hidden email]> ---
Created attachment 62014
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62014&action=edit
Bug 18403: Add new method Koha::Patron->can_see_patron_info

Technical note:
This is the method that will be called on the logged_in_user variable sent to
the template. Moreover we will check that the logged in user can access patron'
information when access to members/* and some circulation scripts will be done.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #6 from Jonathan Druart <[hidden email]> ---
Created attachment 62015
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62015&action=edit
Bug 18403: Update permissions - borrowers => 1|* becomes borrowers =>
'edit_borrowers'

Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your
group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission
'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #7 from Jonathan Druart <[hidden email]> ---
Created attachment 62016
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62016&action=edit
Bug 18403: Add sub output_and_exit_if_error - unknown_patron &
cannot_see_patron_infos

Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the
patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your
group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist,
you
should get "This patron does not exist"

Technical note:
A new C4::Output subroutine is created in this patch:
"output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all
the
different checks to know if the logged in user is authorised to see patron's
information.
The design here can be discussed, but I did not find an alternative with as
less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now
work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who
trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove
them
if required.

Changes in discharge.pl are mainly indentation changes.

With this patch we should now have a $patron variable that refer to the patron
we
want to access. That will be very useful to remove plenty of code in members/*
and
only pass this variable to the template (instead of 1 variable per patron's
attribute).

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #8 from Jonathan Druart <[hidden email]> ---
Created attachment 62017
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62017&action=edit
Bug 18403: Adapt patron search

This patch modifies the patron search code to limit the libraries to the
ones
the logged in user is allowed to access

Test plan:
Search for patrons
You should not see patrons you are not allowed to see.

Technical note:
I am really glad to have refactored all the patron searches before
having to
write this patch. It tooks me ~40 l to acchieve this job and affect all
patron searches.
Thanks refactoring!

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #9 from Jonathan Druart <[hidden email]> ---
Created attachment 62018
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62018&action=edit
Bug 18403: Only display libraries from group in dropdown lists

From where patrons it's about patrons, we do not want to display the libraries
from all the system, but only the ones from the group.

Test plan:
- See the overdues (circ/overdue.pl) and make sure you can only see overdues
from
patrons part of your group (do not forget to test the CSV export).
- Search for patrons, the 'library' filters (headers and left side) should only
display libraries from your group
- Search for article request by patron's library: only the libraries from your
group should be displayed

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #10 from Jonathan Druart <[hidden email]> ---
Created attachment 62019
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62019&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used

There is already a HidePatronName syspref to hide patron's information
on bibliographic
record detail pages and the hold list.

Test plan:
With the HidePatronName enabled, make sure the patron's information are
hidden from
the catalogue and hold list pages. If the logged in user is not allowed
to see the
patron's info, no link and no cardnumber will be displayed
With he HidePatronName disabled, make sure the patron's information are
displayed
if the logged in user is allowed to see the patron's info.

Technical note:
This patch improves the existing patron-title.inc include file to
display patron's
information. Using it everywhere patron's details are displayed will
permit to
homogenise the way they are displayed. The file takes now a patron
object (what
should be, in the future, the only way to use it), that way we can call
the new
method on it to know if patron's information can be shown by the logged
in used.

NOTE: I am not sure this syspref makes sense anymore. Should not we
remove it?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #11 from Jonathan Druart <[hidden email]> ---
Created attachment 62020
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62020&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC for
issuehistory]

On this page we do not have the patron object sent to the template,
let's pass it!

Test plan:
Go on the checkout history of a bibliographic record
(catalogue/issuehistory.pl)
You should not see patron's information that are not part of your group
if you
are not allowed to see them.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #12 from Jonathan Druart <[hidden email]> ---
Created attachment 62021
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62021&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC for
view_holdsqueue]

Same that the previous patch but for the holds queue

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #13 from Jonathan Druart <[hidden email]> ---
Created attachment 62022
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62022&action=edit
Bug 18403: Batch patron modification tool

Do not allow a logged in staff user to modify patrons that are not part of his
group if he is not allowed.

Test plan:
Make sure you are not allowed to modify patrons that are not part of your group
from the batch patron modification tool

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #14 from Jonathan Druart <[hidden email]> ---
Created attachment 62023
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62023&action=edit
Bug 18403: output_and_exit_if_error for circulation.pl

This is a follow-up for a previous patch, changes have been tested
already

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #15 from Jonathan Druart <[hidden email]> ---
Created attachment 62024
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62024&action=edit
Bug 18403: Add new methods Koha::Patrons->search_limited and use it where
needed

Most of the time when we search for patrons we do not want to search for all
patrons,
but just the ones the logged in user is allowed to see the information.
This patch takes care of that by adding a new search_limited method to
Koha::Patrons.
When called this method only search for patrons that the logged in user is
allowed
to see.

Test plan:
Patron autocomplete search should be limited

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #16 from Jonathan Druart <[hidden email]> ---
Created attachment 62025
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62025&action=edit
Bug 18403: Refactor and add Koha::Patron->libraries_where_can_see_patrons

Technical note:
Here we are just refactoring a code that have been copied into 3 different
places.
libraries_where_can_see_patrons is a terrible method's name, feel free to
suggest
something better. The method return a list of branchcodes to be more efficient,
instead of Koha::Libraries

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #17 from Jonathan Druart <[hidden email]> ---
Created attachment 62026
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62026&action=edit
Bug 18403: Add tests for Koha::Patrons

A bit late but here are the tests for
 Koha::Patron->libraries_where_can_see_patrons
 Koha::Patron->can_see_patron_infos
 Koha::Patron->search_limited

Test plan:
  prove t/db_dependent/Koha/Patrons.t
should return green

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #18 from Jonathan Druart <[hidden email]> ---
Created attachment 62027
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62027&action=edit
Bug 18403: Add new method Koha::Patron->can_see_patrons_from

Technical note:
Sometimes we do not have the patron object, for instance for the patron
modifications
we will need to know if the logged in user can modify patron's from a given
library.
This new subroutine 'can_see_patrons_from' will then be useful

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #19 from Jonathan Druart <[hidden email]> ---
Created attachment 62028
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62028&action=edit
Bug 18403: Patron modification requests

Limit patron's modifications based on logged in patron permissions.

Test plan:
Create some patron's modification requests at the OPAC
Make sure the logged in staff user see (or not) the modification depending his
permissions.
The number of modification displayed on the mainpage should be correct as well.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #20 from Jonathan Druart <[hidden email]> ---
Created attachment 62029
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62029&action=edit
Bug 18403: Patron reviews

This patch adds a new method Koha::Reviews->search_limited to return the
reviews
a logged in user is allowed to see depending his permissions.

Test plan:
Create some reviews at the OPAC and make sure a staff user is limited
(or not) to approve
or decline it.
The number of reviews displayed on the mainpage should be correct as
well.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #21 from Jonathan Druart <[hidden email]> ---
Created attachment 62030
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62030&action=edit
Bug 18403: Patron discharges

This patch deals with patron's discharges.

Test plan:
Same as previously you will need to request dischages at the OPAC.
On the staff interface the logged in user should not be allowed to see
discharge
from patrons outside his library group.
The number of discharges waiting displayed on the mainpage should be
correct as well.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #22 from Jonathan Druart <[hidden email]> ---
Created attachment 62031
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62031&action=edit
Bug 18403: Article requests

Same as previously but for article requests.

Test plan:
Test article requests and make sure you do not need the requests for
patrons that
are attached to a group that is not part of your library's group

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #23 from Jonathan Druart <[hidden email]> ---
Created attachment 62032
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62032&action=edit
Bug 18403: Guarantors

Technically a kid from your library group could have a guarantor
attached to another
group of library, let's deal with this case.

Test plan:
- Create a kid from your library group
- With a superlibrarian staff user create a guarantor that is outside of
the group of
libraries of the kid
- Login with a limited staff user and confirm that on the patron detail
page you do not
see the link to the guarantor detail page.

Note that you see the firstname and surname of the guarantor
Q. should it be hidden?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #24 from Jonathan Druart <[hidden email]> ---
Created attachment 62033
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62033&action=edit
Bug 18403: REST API - patrons endpoint

There is something wrond here, the userenv is no set and so we cannot
user search_limited.
Should we set the userenv or filter on the libraries using
libraries_where_can_see_patrons?
WAITING FOR FEEDBACK HERE.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://github.com/joubu/Ko
                   |                            |ha/commits/bug_18403

--- Comment #25 from Jonathan Druart <[hidden email]> ---
There are too many dependencies on this one, please see the following remote
branch for the whole stack:
https://github.com/joubu/Koha/commits/bug_18403

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #26 from Jonathan Druart <[hidden email]> ---
Created attachment 62302
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62302&action=edit
Bug 18403: Deal with the DB user

On first login, Koha explodes before the logged in user does not exist
in DB.
This patch deals with that by adding several checks when it's needed.

Test plan:
Use the DB user to create a superlibrarian user.
The DB user should no be allowed to do anything else.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #27 from Jonathan Druart <[hidden email]> ---
Created attachment 62303
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=62303&action=edit
Bug 18403: Fix patron creation

memberentry.pl can be called to create a new patron, in that case the
patron does not exist yet.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
1234 ... 6