Restrict search/view of invoice, invoiceLine records based upon acquisitions unit

Description

Overview
Restrict search/view of invoice and invoiceLines based upon the acquisitions unit memberships of the user and the acquisitions unit being assigned to the record.

Acquisitions units are described on the wiki . The invoice-specific details which this story covers can also be found there.

Acceptance Criteria:

Acquisitions units are used to determine if a user can search for/view the invoice/invoiceLine record
Unit tests are updated
API tests are updated

Environment

None

Potential Workaround

None

Attachments

Linked issues

Checklist

hide

TestRail: Results

Activity

Show:

Craig McNallyAugust 27, 2019 at 5:13 PM

also verified via some manual UI testing...

NOTE: this is outside the scope of this story, just an observation for discussion...

if trying to access an invoice by ID that is assigned to a unit you're not a member of, the third pane displays the three dot "spinner" indefinitely. This isn't terrible, but we might consider displaying an explicit error to the user. Otherwise it might be unclear if the request is just taking a long time or what... This is an edge case and likely wouldn't be encountered, so if we do pursue this it's probably very low priority...

Craig McNallyAugust 27, 2019 at 5:00 PM

Verified on folio-testing via API tests:

Piotr KalashukAugust 22, 2019 at 8:14 AM

The API tests are available in PR #285

Piotr KalashukAugust 22, 2019 at 8:13 AM

Part 4. Clean up

Delete invoices

Delete acq units

Go to UI by admin and delete all created units

Delete users

Piotr KalashukAugust 22, 2019 at 8:10 AM

Part 3. Get records by id

Note: to simplify comment only status code for success response is added; status code + response body for failure cases

Get invoices by id

User 1

Order	Request	Response
1
2
3
4

User 2

Order	Request	Response
1
2
3
4

User 3

Order	Request	Response
1
2
3
4

User 4

Order	Request	Response
1
2
3
4

Get invoice lines by id

User 1

Order	Request	Response
1
2
3
4

User 2

Order	Request	Response
1
2
3
4

User 3

Order	Request	Response
1
2
3
4

User 4

Order	Request	Response
1
2
3
4

Done

Details
Assignee
Craig McNally
Reporter
Craig McNally
Tester Assignee
Craig McNally
Labels
acq-demo70-71acquisitions
Priority
P3
Story Points
2
Sprint
None
Development Team
Thunderjet
Parent
UXPROD-1147 CRUD for Teams and addition of teams assignment to objects in various FOLIO apps
Fix versions
2.0.0
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs

Created June 20, 2019 at 8:10 PM

Updated September 4, 2019 at 2:30 PM

Resolved August 27, 2019 at 5:13 PM

TestRail: Cases

TestRail: Runs

Restrict search/view of invoice, invoiceLine records based upon acquisitions unit

Description

Environment

Potential Workaround

Attachments

Linked issues

clones

has to be done after

relates to

Checklist

TestRail: Results

Activity

Craig McNallyAugust 27, 2019 at 5:13 PM

Craig McNallyAugust 27, 2019 at 5:00 PM

Piotr KalashukAugust 22, 2019 at 8:14 AM

Piotr KalashukAugust 22, 2019 at 8:13 AM

Part 4. Clean up

Delete invoices

Delete acq units

Delete users

Piotr KalashukAugust 22, 2019 at 8:10 AM

Part 3. Get records by id

Get invoices by id

User 1

User 2

User 3

User 4

Get invoice lines by id

User 1

User 2

User 3

User 4

Details

Assignee

Reporter

Tester Assignee

Labels

Priority

Story Points

Sprint

Development Team

Parent

Fix versions

TestRail: Cases

TestRail: Runs