[Bug 18403] New: Hide patron information if not part of the logged in user library group

classic Classic list List threaded Threaded
148 messages Options
12345
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |18789


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18789
[Bug 18789] Send a Koha::Patron object to the templates
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403
Bug 18403 depends on bug 17829, which changed state.

Bug 17829 Summary: Move GetMember to Koha::Patron
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17829

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to Master            |RESOLVED
         Resolution|---                         |FIXED

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |19456


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19456
[Bug 19456] Some pages title tag contains html
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #58 from Jonathan Druart <[hidden email]> ---
The remote branch has been rebased.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403
Bug 18403 depends on bug 19456, which changed state.

Bug 19456 Summary: Some pages title tag contains html
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19456

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to Stable            |RESOLVED
         Resolution|---                         |FIXED

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jessie Zairo <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |20133


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20133
[Bug 20133] "Hide patron information" feature should not affect all library
groups
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Kyle M Hall <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |Passed QA
                 CC|                            |[hidden email]

--- Comment #59 from Kyle M Hall <[hidden email]> ---
Passed QA! Since this a git branch I'll just change the bug status. You can add
me s/o when the commits are pushed!

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #60 from Jonathan Druart <[hidden email]> ---
Created attachment 71392
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71392&action=edit
Bug 18403: Add POD for output_and_exit_if_error

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #71392|0                           |1
        is obsolete|                            |

--- Comment #61 from Jonathan Druart <[hidden email]> ---
Created attachment 71394
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71394&action=edit
Bug 18403: Add POD for output_and_exit_if_error

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Passed QA                   |Pushed to Master

--- Comment #62 from Jonathan Druart <[hidden email]> ---
Pushed to master for 18.05, thanks to everybody involved!

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #63 from Jonathan Druart <[hidden email]> ---
Created attachment 71500
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71500&action=edit
Bug 18403: Hide patron information if not part of the logged in user library
group

This patchset adds a new feature that will allow libraries inside a
single Koha installation to restrict access to information of patrons
that

The group of libraries feature is introduced by bug 15707, see this bug for
more
information.

Let's imagine that 2 groups G1 and G2 are defined and that they include 2
libraries
each G1a, G1b and G2c, G2d: logged in users attached to G1a will only see
patron's
information from G1a and G1b.
To add more flexibility, a new user permission named
'view_borrower_infos_from_any_libraries'
will drive this behavior. If set, the patron will be able to see patron's
information
of any libraries.

If the restriction is set, the logged in user will not be able to search, show,
edit,
delete patron's information of patrons attached to groups of libraries outside
his
own group.
In situations we need to refer to a patron, for holds and checkouts for
instance,
and his information cannot be viewed, a text "A patron from library G1A" will
be
displayed.

Considered unecessary or outside the scope of this bug report:
* The report module is not affected by this feature for obvious reasons
* The firstname and surname of guarantors, basket (acq) managers, patrons
linked
to orders are still displayed.
* Log viewer: Can only be staff
* patron list: you cannot add patrons from another group of librairies, but can
see/delete from list (too much rewrite, or we can test for patron one by one?).
* "Patron card creator" tool is not impacted by this feature.
* Upload patron images is not impacted by this patch, should it be?
* Tools:
  - Upload patrons
  - Clean borrowers tool (This can can done easily updating
Koha::Patrons->search
with Koha::Patrons->search_limited in search_upcoming_membership_expires and
search_patrons_to_anonymise but we will need to move GetBorrowersToExpunge to
Koha::Patrons first)
We can discuss these different points but will be other bug reports not to add
more complexity to this first patchset.

Test plan:
You will find a test plan in the following commit messages.
Start by creating different group of libraries and patrons with and without the
new permission. Open different browser sessions to ease the tests.
Note that all patches have to be applied to test the different test plans.

Technical notes:
For QAers (and others) a techical note will be added to the commit messages of
this
patchset. I would recommend you to read them one by one to understand the
different
steps of this development.

+ Special attention should be payed to the REST api changes
+ Should we restrict the logged in user to libraries from his group when
he wants to set his library (Home › Circulation › Set library)?

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #64 from Jonathan Druart <[hidden email]> ---
Created attachment 71501
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71501&action=edit
Bug 18403: Add new method Koha::Library->library_group

This is more a follow-up for bug 15707. It could be moved on its own bug report
if necessary.

Test plan:
  prove t/db_dependent/LibraryGroups.t
should return green

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #65 from Jonathan Druart <[hidden email]> ---
Created attachment 71502
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71502&action=edit
Bug 18403: Add new method Koha::Library::Group->has_child

This is more a follow-up for bug 15707. It could be moved on its own bug report
if necessary.

IMPORTANT NOTE: At the moment the feature only works for 1 level depth, see
bug 15707 comment 166+ for the discussion

It means that if we have:
 root_group
     + groupA
         + groupA1
             + groupA1_library2
         + groupA_library1
         + groupA2
     + groupB
         + groupB_library1
groupA1_library2 is not considered a child of groupA1.
Note that this can change.

Test plan:
  prove t/db_dependent/LibraryGroups.t
should return green

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #66 from Jonathan Druart <[hidden email]> ---
Created attachment 71503
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71503&action=edit
Bug 18403: Send logged_in_user to template from C4::Auth

Technical note:
To ease future changes we are passing a logged_in_user variable to templates.
It contains the Koha::Patron object representing the logged in patron.
This will be very useful for this patch and even after (for instance we will be
able to replace easily loggedinusername and loggedinusernumber).

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #67 from Jonathan Druart <[hidden email]> ---
Created attachment 71504
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71504&action=edit
Bug 18403: Add new method Koha::Patron->can_see_patron_info

Technical note:
This is the method that will be called on the logged_in_user variable sent to
the template. Moreover we will check that the logged in user can access patron'
information when access to members/* and some circulation scripts will be done.

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #68 from Jonathan Druart <[hidden email]> ---
Created attachment 71505
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71505&action=edit
Bug 18403: Update permissions - borrowers => 1|* becomes borrowers =>
'edit_borrowers'

Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your
group.

Technical note:
Before this patchset the borrowers permission module contains only 1 permission
'edit_borrowers'.
That meant
  borrowers => 1
and
  borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #69 from Jonathan Druart <[hidden email]> ---
Created attachment 71506
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71506&action=edit
Bug 18403: Add sub output_and_exit_if_error - unknown_patron &
cannot_see_patron_infos

Test plan:
Login with a patron that is not allowed to see patron's information for patrons
outside of his group. Try to access patron's information from scripts of the
patron
module (members/*) and circ/circulation.pl.
You should be able to access patron's information of patrons outside of your
group
and get "You are not allowed to see the information of this patron."
If you try and access a patron page with a borrowernumber that does not exist,
you
should get "This patron does not exist"

Technical note:
A new C4::Output subroutine is created in this patch:
"output_and_exit_if_error"
Executed at the beginning of the script it will permit not to copy/paste all
the
different checks to know if the logged in user is authorised to see patron's
information.
The design here can be discussed, but I did not find an alternative with as
less changes.
On the way I refactor what we did with 'unknowuser' previously: it will now
work with all
patron pages, not only the few that used it.
Note that the 'or die "Not logged in";' part should not be needed, but... who
trusts
C4::Auth?
I think it could be used as a safeguard later. I am willing to sed and remove
them
if required.

Changes in discharge.pl are mainly indentation changes.

With this patch we should now have a $patron variable that refer to the patron
we
want to access. That will be very useful to remove plenty of code in members/*
and
only pass this variable to the template (instead of 1 variable per patron's
attribute).

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #70 from Jonathan Druart <[hidden email]> ---
Created attachment 71507
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71507&action=edit
Bug 18403: Adapt patron search

This patch modifies the patron search code to limit the libraries to the
ones
the logged in user is allowed to access

Test plan:
Search for patrons
You should not see patrons you are not allowed to see.

Technical note:
I am really glad to have refactored all the patron searches before
having to
write this patch. It tooks me ~40 l to acchieve this job and affect all
patron searches.
Thanks refactoring!

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #71 from Jonathan Druart <[hidden email]> ---
Created attachment 71508
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71508&action=edit
Bug 18403: Only display libraries from group in dropdown lists

From where patrons it's about patrons, we do not want to display the libraries
from all the system, but only the ones from the group.

Test plan:
- See the overdues (circ/overdue.pl) and make sure you can only see overdues
from
patrons part of your group (do not forget to test the CSV export).
- Search for patrons, the 'library' filters (headers and left side) should only
display libraries from your group
- Search for article request by patron's library: only the libraries from your
group should be displayed

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #72 from Jonathan Druart <[hidden email]> ---
Created attachment 71509
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71509&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used

There is already a HidePatronName syspref to hide patron's information
on bibliographic
record detail pages and the hold list.

Test plan:
With the HidePatronName enabled, make sure the patron's information are
hidden from
the catalogue and hold list pages. If the logged in user is not allowed
to see the
patron's info, no link and no cardnumber will be displayed
With he HidePatronName disabled, make sure the patron's information are
displayed
if the logged in user is allowed to see the patron's info.

Technical note:
This patch improves the existing patron-title.inc include file to
display patron's
information. Using it everywhere patron's details are displayed will
permit to
homogenise the way they are displayed. The file takes now a patron
object (what
should be, in the future, the only way to use it), that way we can call
the new
method on it to know if patron's information can be shown by the logged
in used.

NOTE: I am not sure this syspref makes sense anymore. Should not we
remove it?

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #73 from Jonathan Druart <[hidden email]> ---
Created attachment 71510
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71510&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC for
issuehistory]

On this page we do not have the patron object sent to the template,
let's pass it!

Test plan:
Go on the checkout history of a bibliographic record
(catalogue/issuehistory.pl)
You should not see patron's information that are not part of your group
if you
are not allowed to see them.

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #74 from Jonathan Druart <[hidden email]> ---
Created attachment 71511
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71511&action=edit
Bug 18403: Use patron-title.inc when hidepatronname is used [SPECIFIC for
view_holdsqueue]

Same that the previous patch but for the holds queue

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #75 from Jonathan Druart <[hidden email]> ---
Created attachment 71512
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71512&action=edit
Bug 18403: Batch patron modification tool

Do not allow a logged in staff user to modify patrons that are not part of his
group if he is not allowed.

Test plan:
Make sure you are not allowed to modify patrons that are not part of your group
from the batch patron modification tool

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #76 from Jonathan Druart <[hidden email]> ---
Created attachment 71513
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71513&action=edit
Bug 18403: output_and_exit_if_error for circulation.pl

This is a follow-up for a previous patch, changes have been tested
already

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #77 from Jonathan Druart <[hidden email]> ---
Created attachment 71514
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71514&action=edit
Bug 18403: Add new methods Koha::Patrons->search_limited and use it where
needed

Most of the time when we search for patrons we do not want to search for all
patrons,
but just the ones the logged in user is allowed to see the information.
This patch takes care of that by adding a new search_limited method to
Koha::Patrons.
When called this method only search for patrons that the logged in user is
allowed
to see.

Test plan:
Patron autocomplete search should be limited

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #78 from Jonathan Druart <[hidden email]> ---
Created attachment 71515
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71515&action=edit
Bug 18403: Refactor and add Koha::Patron->libraries_where_can_see_patrons

Technical note:
Here we are just refactoring a code that have been copied into 3 different
places.
libraries_where_can_see_patrons is a terrible method's name, feel free to
suggest
something better. The method return a list of branchcodes to be more efficient,
instead of Koha::Libraries

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #79 from Jonathan Druart <[hidden email]> ---
Created attachment 71516
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71516&action=edit
Bug 18403: Add tests for Koha::Patrons

A bit late but here are the tests for
 Koha::Patron->libraries_where_can_see_patrons
 Koha::Patron->can_see_patron_infos
 Koha::Patron->search_limited

Test plan:
  prove t/db_dependent/Koha/Patrons.t
should return green

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #80 from Jonathan Druart <[hidden email]> ---
Created attachment 71517
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71517&action=edit
Bug 18403: Add new method Koha::Patron->can_see_patrons_from

Technical note:
Sometimes we do not have the patron object, for instance for the patron
modifications
we will need to know if the logged in user can modify patron's from a given
library.
This new subroutine 'can_see_patrons_from' will then be useful

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 18403] Hide patron information if not part of the logged in user library group

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18403

--- Comment #81 from Jonathan Druart <[hidden email]> ---
Created attachment 71518
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=71518&action=edit
Bug 18403: Patron modification requests

Limit patron's modifications based on logged in patron permissions.

Test plan:
Create some patron's modification requests at the OPAC
Make sure the logged in staff user see (or not) the modification depending his
permissions.
The number of modification displayed on the mainpage should be correct as well.

Signed-off-by: Signed-off-by: Jon McGowan <[hidden email]>

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
12345