Restrict search/view of invoice, invoiceLine records based upon acquisitions unit

Description

Overview
Restrict search/view of invoice and invoiceLines based upon the acquisitions unit memberships of the user and the acquisitions unit being assigned to the record.

Acquisitions units are described on the wiki . The invoice-specific details which this story covers can also be found there.

Acceptance Criteria:

  • Acquisitions units are used to determine if a user can search for/view the invoice/invoiceLine record

  • Unit tests are updated

  • API tests are updated

Environment

None

Potential Workaround

None

Attachments

2

Checklist

hide

TestRail: Results

Activity

Show:

Craig McNallyAugust 27, 2019 at 5:13 PM

also verified via some manual UI testing...

NOTE: this is outside the scope of this story, just an observation for discussion...

  • if trying to access an invoice by ID that is assigned to a unit you're not a member of, the third pane displays the three dot "spinner" indefinitely. This isn't terrible, but we might consider displaying an explicit error to the user. Otherwise it might be unclear if the request is just taking a long time or what... This is an edge case and likely wouldn't be encountered, so if we do pursue this it's probably very low priority...

Craig McNallyAugust 27, 2019 at 5:00 PM

Verified on folio-testing via API tests:

Piotr KalashukAugust 22, 2019 at 8:14 AM

The API tests are available in PR #285

Piotr KalashukAugust 22, 2019 at 8:13 AM

Part 4. Clean up

Delete invoices

Delete acq units

Go to UI by admin and delete all created units

Delete users

Piotr KalashukAugust 22, 2019 at 8:10 AM

Part 3. Get records by id

Note: to simplify comment only status code for success response is added; status code + response body for failure cases

Get invoices by id

User 1

Order

Request

Response

1

2

3

4

User 2

Order

Request

Response

1

2

3

4

User 3

Order

Request

Response

1

2

3

4

User 4

Order

Request

Response

1

2

3

4

Get invoice lines by id

User 1

Order

Request

Response

1

2

3

4

User 2

Order

Request

Response

1

2

3

4

User 3

Order

Request

Response

1

2

3

4

User 4

Order

Request

Response

1

2

3

4

Done

Details

Assignee

Reporter

Tester Assignee

Priority

Story Points

Sprint

Development Team

Thunderjet

Fix versions

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created June 20, 2019 at 8:10 PM
Updated September 4, 2019 at 2:30 PM
Resolved August 27, 2019 at 5:13 PM
TestRail: Cases
TestRail: Runs