Permissions: Can View User Profile: Basic Fields

Purpose: Improve permissions handling so that assigned permissions control what options are presented to the user within FOLIO (currently all options are presented and you get an error when you attempt something you don't have rights to). The focus of this story is the "Can view user profile: basic fields" permission. Other stories will be added for other permissions.

*NOTE: This story assumes we have implemented the distinction between basic and restricted fields. If we haven't yet done that, we will need to consolidate with LIBAPP-150.

Scenarios:

1. Scenario

   • Given User A has been assigned the "Can view user profile: basic fields" permission ONLY

   • When FOLIO is displayed

   • Then User A has the following rights:

     • Users app is visible in Recent Applications Toolbar

     • Basic user data can be searched and filtered in Users app

     • Basic user fields can be viewed

     • Direct linking to User search, results and details is allowed

2. Scenario

   • Given User A has been assigned the "Can view user profile: basic fields" permission ONLY

   • When FOLIO is displayed

   • Then User A does NOT have the following rights:

     • Restricted user data can be searched and filtered in the Users app

     • Restricted user fields can be viewed

     • Basic user fields can be edited

     • Restricted user fields can be edited

     • User Edit button/icon is visible

     • Direct linking to Edit User page is allowed

     • Create new user button is visible

     • User creation is permitted

     • Direct linking to Create User page is allowed

     • Can view permissions assigned to users

     • Can assign and unassign permissions to users

     • Settings app is visible in Recent Applications Toolbar

     • "User permissions" link is visible under Settings > Users

     • User permission sets can be created, read, updated and deleted

3. Scenario

   • Given I don't have rights to direct link to Page A

   • When I direct link to page A (e.g. I paste the url into my browser)

   • Then I should see the following message:

     • Header/Title: Permission Error

     • Text: Sorry - your user permissions do not allow access to this page.

     • NOTE: This is an edge case and it doesn't need to be pretty, but we do need to make sure it works so there's no back door to access things you shouldn't be able to access. We're flexible on how we do this.

4. Scenario

   • Given User A has been assigned the "Can view user profile: basic fields" permission AND another permission or set

   • When FOLIO is displayed

   • Then User A shall have the cumulative set of rights from all assigned permissions

Additional Info: A graphical representation of the rights by base permission can be found in this google sheet. Please note that the scope of the sheet is much larger than this particular story (and even includes some items that are out of scope for v1). Please reference the scenarios in this story for story scope.