Handle "Inventory: View instance records being suppressed for staff" permission on the back end.
RCA Group
Description
Environment
Potential Workaround
Checklist
hideTestRail: Results
Activity
Ann-Marie Breaux December 1, 2023 at 3:57 PM
Permissions cleanup will be handled in the context of
Marc Johnson October 18, 2019 at 12:30 PM
BTW I'm a bit confused why you are talking about implementation of a given permission to be a topic for TC??
I think is talking about needing some technical oversight because this is a different kind of permission. Most of the permissions FOLIO currently has either allow a user to do something or not, and those are fairly broad.
Action based permissions will allow us to narrow down permissions, for example, rather than can edit or not, we could also have mark as missing which is a special kind of edit. That area likely needs some decisions around how to model and name those permissions, and maybe extra infrastructure to help with them.
This kind of permission (I don't think we have a name yet, maybe filter permissions?) is slightly different. It means that two user asking the same question e.g. `search for the instances with a title starting with Harry Potter` could get different answers depending upon which permissions they have.
This raises questions about where we need to check them, e.g. we need to check them when fetching multiple records or when fetching a single record. How does that fit into related activities, e.g. what happens when a check out is attempted for a staff suppressed instance where the user does not have access to suppressed instances.
It also changes technical aspects of the system, like caching, because the cached searched results now have to be specific to users or permissions. That is before we start thinking about what should happen if this information is shared to another area, e.g. acquisitions.
Does that help explain why this is not a regular permission, and needs more consideration and oversight?
Charlotte Whitt October 18, 2019 at 11:37 AM
- I can move to the Core Functional team so both backend and ui is under the wings of Core functional team.
I'm sure don't mind
BTW I'm a bit confused why you are talking about implementation of a given permission to be a topic for TC??
CC:
Cate Boerema October 17, 2019 at 1:11 PM
, , and we have historically had a policy not to implement permissions in the ui only. This is something people like have been very firm about, as there are security concerns with implementing ui-only permissions.
I don't think Vega should implement a ui-only permissions without the blessing of a broader technical group (tech leads? TC?)
Khalilah Gambrell October 17, 2019 at 12:40 PM
, , , and , I moving this story to Core: Functional and the frontend story to the Vega backlog.
Details
Assignee
UnassignedUnassignedReporter
Oleksandr AntonenkoOleksandr AntonenkoLabels
Priority
P3Development Team
ProkopovychTestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Assignee
Reporter
Oleksandr AntonenkoLabels
Priority
P3
Purpose: In the instance record, it's possible to mark the instance record, that it should not be displayed for staff - that means typical only viewable for catalogers, who are working on a draft record, etc. To support who can view these records, we need a permission that allows users (typical catalogers) to view instance records being check marked as 'Staff suppress'.
Usecase: Permission in Users to enable/disable the view of staff-suppressed instance records
Scenarios:
Scenario
Login to FOLIO Snapshot
Given the Inventory module
When enabled
Then a logical permission should be provided called "Inventory: View instance records being suppressed for staff"
Scenario
Given User A has been given the permission "Inventory: View instance records being suppressed for staff"
When User A accesses FOLIO
Then:
The Inventory app should be visible in the top navigation bar
The Inventory app should be fully accessible to User A, meaning User A can:
Search and filter instance, holdings and item records
View Instance records in detailed screen
View Instance records, which are being marked as suppressed for staff
View filter for Staff suppress in 1st pane - see
Scenario
Given User A has been given the permission "View instance records being suppressed for staff" as part of a custom permission set
When User A accesses FOLIO
Then User A should have all rights normally conferred by this permission (see scenario 2) plus whatever additional rights conferred by the users custom permission set.