Web Client: too much patron information is revealed via View Holds

Tina,
Is this bug in reference to the record's View Holds screen or to one of the other holds interfaces?

Thanks!
-Kathy

Hi Kathy,

Yes, it refers to record's View Holds.

The same columns are in the column picker on Holds screen in patron records, too. They are not a privacy concern, though may not be necessary.

I would like to add that while too much information is available here, the patron barcode is not available on the column picker list. We do need that to display.

Thanks, Dawn

Just as I clicked post I realized this is talking about the "item" view holds. I was referring to the "Holds Shelf" page. I will open a new ticket.

Looking at the code, It appears that it is grabbing all of the info from both the patron and staff info inside of the au object. The fix is essentially the same for both so its not a major scope change but we need a list with more detailed information as to what parts for both patron and staff need to be showable.

So far for the patron we have Patron Alias, Patron Barcode, Patron Frist Name, and Patron Last Name. and for staff we only have user.

For patrons, I would say alias, barcode, first name, last name, and id are sufficient.

I think staff user is actually requesting user, which is a bit different since it will be the same person as the patron in cases where the hold was placed through the catalog. Currently, the xul client shows the requesting user's id, which isn't particularly helpful. I would prefer to see the user name of the requesting user if it isn't too much effort. I don't think any other information is required.

Does that list look good to you Tina?

We told our libraries to tell whether a hold was placed by staff by checking whether patron id and user id are the same. So I would like to keep user's id. But it's fine to add user's name.

Thanks Tina! A colleague pointed out that this grid no longer has the 'Staff Hold?' column available in this grid. Could that be added at the same time? We then would be looking at the following:

Patron fields: alias, barcode, first name, last name and id.
Requester user: id and OPAC/Staff Client User Name

And the addition of the Staff Hold? field.

Thank you Alex!

Pushed up changes here: http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/acautley/lp1705133-too-much-holds-info

We were not able to add the Staff_hold Field due to issues getting the value into the $scope

The staff_hold exists as a SQL statement inside the field mapper and we were able to replicate the logic it was using inside the javascript but were unable to display it in the grid.

Thank you Alex; it looks good to me! I've merged it to master, release 3.0 and, after resolving a minor conflict, release 2.12.