This set of patches makes it possible to protect patrons from being accidetally
deleted or merged with other patrons, from the UI and from (well behaved) cron
jobs. The following subroutines are affected:
- Koha::Patron::delete
- Koha::Patron::merge_with
- Koha::Patron::safe_to_delete
- C4::Members::GetBorrowersToExpunge
Please note:
- This does not intend to protect patrons from being edited, only from being
deleted
To test:
* Tests
- Run the affected tests:
prove t/db_dependent/Members.t
prove t/db_dependent/Koha/Patrons.t
* Editing protected status and manual deletion
- Add a new user, note the presence of the "Protected" field under "Library
management", but leave it at the default "No", for now.
- Note that "Protected" is displayed in the "Library use" section of the patron
details.
- Note that More > Delete is avaiable as an action when the patron is saved
- Edit the user and set "Protected" to "Yes"
- Note that More > Delete is now disabled, with a note that the patron is protected
* Batch patron deletion
- Go to Tools > Batch patron deletion and anonymization
- Check the box for "Verify you want to delete patrons"
- Choose the category of your protected patron for "whose patron category is"
and click "Next" to run the actual deletion
- Check that your protected patron was not deleted
* Merging patrons
- Make sure you have two patrons with similar names or the same category, so
you can find them with one search. One should be protected, one not.
- Search for the patrons, tick their boxes and click on "Merge selected patrons"
- Select one of the patrons as the "patron to keep".
. Click on "Merge patrons"
- "No valid patrons to merge were found" should be shown
- Repeat this with the other patron as the "patron to keep"
(A future enhancement could be to not allow a protected patron to be selected for
merging in the first place.)
* misc/cronjobs/delete_patrons.pl
- Make sure you have a protected patron, in a category with at least one more
patron.
- Run something like this (at least in ktd):
$ perl misc/cronjobs/delete_patrons.pl --category_code <code> -v --confirm
(Replace <code> with the actual categorycode.)
- Make sure the borrowernumber of the protected patron is not mentioned in the
output of the script.
- Check the protected patron was not deleted
- Check the non-protected patrons were deleted
* REST API (with ktd)
- Make sure you still have a protected patron, and note their borrowernumber
- Enable RESTBasicAuth and restart all the things
- Run these two commands from the command line on the host:
$ curl -u koha:koha --request GET "http://localhost:8081/api/v1/patrons/54"
$ curl -u koha:koha --request DELETE "http://localhost:8081/api/v1/patrons/54"
(Replace 54 with the actual borrowernumber of your protected patron.)
- The first curl command should give you the patron details. The second should
give this output:
{"error":"Protected patrons cannot be deleted","error_code":"is_protected"}
There could be more functions/scripts where patrons are deleted that I have not
thought about. Please report them on the bug if you find any!
Update 2023-10-19: Fix "More > Delete" on patron, so link can not be clicked.
Update 2023-10-19: Rebase
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>