Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Permissions: Can Edit User Profile

Description

Purpose: Improve permissions handling so that assigned permissions control what options are presented to the user within FOLIO (currently all options are presented and you get an error when you attempt something you don't have rights to). The focus of this story is the Can edit user profile permission. Other stories will be added for other permissions.

Scenarios:

  1. Scenario

    • Given User A has been assigned the "Can edit user profile" permission ONLY

    • When FOLIO is displayed

    • Then User A has the following rights:

      • Users app is visible in Recent Applications Toolbar

      • Basic user data can be searched and filtered in Users app*

      • Restricted user data can be searched and filtered in the Users app*

      • Basic user fields can be viewed*

      • Restricted user fields can be viewed*

      • Direct linking to User search, results and details is allowed

      • User Edit button/icon is visible

      • Basic user fields can be edited*

      • Restricted user fields can be edited*

      • Direct linking to Edit User page is allowed

      • *NOTE: Items with asterisk assume we have implemented the distinction between basic and restricted fields. If we haven't yet done that, we can consolidate.

  2. Scenario

    • Given User A has been assigned the "Can edit user profile" permission ONLY

    • When FOLIO is displayed

    • Then User A does NOT have the following rights:

      • Create new user button is visible

      • User creation is permitted

      • Direct linking to Create User page is allowed

      • Can view permissions assigned to users

      • Can assign and unassign permissions to users

      • Settings app is visible in Recent Applications Toolbar

      • "User permissions" link is visible under Settings > Users

      • User permission sets can be created, read, updated and deleted

  3. Scenario

    • Given I don't have rights to direct link to Page A

    • When I direct link to page A (e.g. I paste the url into my browser)

    • Then I should see the following message:

      • Header/Title: Permission Error

      • Text: Sorry - your user permissions do not allow access to this page.

      • NOTE: This is an edge case and it doesn't need to be pretty, but we do need to make sure it works so there's no back door to access things you shouldn't be able to access. We're flexible on how we do this.

  4. Scenario

    • Given User A has been assigned the "Can edit user profile" permission AND another permission or set

    • When FOLIO is displayed

    • Then User A shall have the cumulative set of rights from all assigned permissions

Additional Info: A graphical representation of the rights by base permission can be found in this google sheet. Please note that the scope of the sheet is much larger than this particular story (and even includes some items that are out of scope for v1). Please reference the scenarios in this story for story scope.

Environment

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:

Mike Taylor March 13, 2017 at 12:45 PM

Done, subject to the permission-set authoring described in LIBAPP-157.

Mike Taylor March 12, 2017 at 12:15 AM

I think this is done, too, but as with , it depends on the interpretation of the story.

Done

Details

Assignee

Reporter

Labels

Priority

Sprint

Parent

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created March 1, 2017 at 10:30 AM
Updated May 8, 2017 at 11:46 AM
Resolved March 13, 2017 at 12:45 PM
TestRail: Cases
TestRail: Runs