Unable to use eholdings on user with highly limited Permissions
Activity
Sobha Duvvuri August 29, 2019 at 3:36 PM (Edited)
Some additional details to add:
1. Created a test user in https://folio-testing.aws.indexdata.com
2. Username: sduvvuri
3. Assigned all eHoldings-related permissions that show in the UI (there were 6 on a quick search of eHoldings in the plugin). Observed that the UIEH master branch package.json has "displayName": "Settings (eHoldings): display list of settings pages", and this is not available from a quick search of permissions to assign. Please see the screenshot attached.
4. Then a quick search of permissions for the user ->
https://folio-testing-okapi.aws.indexdata.com/perms/users/d7b79653-806a-42eb-9cad-e05497bf0a82/permissions?full=true&indexField=userId
gives the response below:
{
"permissionNames" : [ {
"permissionName" : "ui-eholdings.settings.kb",
"displayName" : "Settings (eHoldings): configure EBSCO RM API credentials",
"id" : "e9b3fc61-5e64-4196-b649-3e8c7d8f555e",
"tags" : [ ],
"subPermissions" : [ "settings.eholdings.enabled" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
}, {
"permissionName" : "ui-eholdings.records.edit",
"displayName" : "eHoldings: Can edit providers, packages, titles detail records",
"id" : "d531f87c-380f-4b0c-a6f7-7ceefc644d85",
"tags" : [ ],
"subPermissions" : [ "kb-ebsco.packages.item.put", "kb-ebsco.resources.item.put", "kb-ebsco.providers.item.put" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
}, {
"permissionName" : "ui-eholdings.titles-packages.create-delete",
"displayName" : "eHoldings: Can create and delete custom packages and titles",
"id" : "bbe1eee1-2410-4ae1-81cf-ac876b0d9333",
"tags" : [ ],
"subPermissions" : [ "kb-ebsco.packages.collection.post", "kb-ebsco.resources.collection.post", "kb-ebsco.titles.collection.post", "kb-ebsco.packages.item.delete", "kb-ebsco.resources.item.delete" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
}, {
"permissionName" : "ui-eholdings.settings.root-proxy",
"displayName" : "Settings (eHoldings): configure root proxy setting",
"id" : "a24aa651-dd1b-44a1-89dd-d9b679856d66",
"tags" : [ ],
"subPermissions" : [ "settings.eholdings.enabled" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
}, {
"permissionName" : "ui-eholdings.package-title.select-unselect",
"displayName" : "eHoldings: Can select/unselect packages and titles to/from your holdings",
"id" : "817dbe89-d705-46ef-8af8-27cb1966f81c",
"tags" : [ ],
"subPermissions" : [ "kb-ebsco.packages.item.put", "kb-ebsco.resources.item.put" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
}, {
"permissionName" : "module.eholdings.enabled",
"displayName" : "UI: eHoldings module is enabled",
"id" : "2b700c3c-94af-4b20-8967-c44db71e2d5b",
"tags" : [ ],
"subPermissions" : [ "kb-ebsco.all" ],
"childOf" : [ ],
"grantedTo" : [ "661cce6e-1281-4d41-bd52-a9c368ec7b5f", "c8c702e1-66fe-4489-8d5f-b51af28eda6a" ],
"mutable" : false,
"visible" : true,
"dummy" : false
} ]
}
5. Then log in as the new user: sduvvuri
6. On login, a few requests are made, and these 3 requests below error out:
https://folio-testing-okapi.aws.indexdata.com/configurations/entries?query=(module=ORG%20and%20configName=localeSettings)
Response:
Access requires permission: configuration.entries.collection.get
https://folio-testing-okapi.aws.indexdata.com/configurations/entries?query=(module=PLUGINS)
Response:
Access requires permission: configuration.entries.collection.get
https://folio-testing-okapi.aws.indexdata.com/configurations/entries?query=(module=ORG%20and%20configName=bindings)
Response:
Access requires permission: configuration.entries.collection.get
Getting the above permissions should probably be handled by stripes-core: https://github.com/folio-org/stripes-core/blob/27f9ae355af546d6384f8649a1eaeea9c37114bb/src/loginServices.js
but if not, "modulePermissions": ["configuration.entries.collection.get"] should be added to most/all endpoints in mod-kb-ebsco-java. Not sure if this is a UI ticket.
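The diagnosis in the comment above can be reproduced offline by flattening the /perms/users/{id}/permissions?full=true response into the set of permission names the user effectively holds and diffing it against what the failing /configurations/entries requests demand. This is an added example, not code from the FOLIO project or the commenter; the embedded JSON is a constructed, abridged copy of the response quoted above, and the check only sees names present in that response (it does not fetch what nested sub-permissions such as kb-ebsco.all expand to).

```python
import json

# Constructed, abridged copy of the user-permissions response quoted in the
# comment above; only the fields this check reads are kept.
PERMS_RESPONSE = json.dumps({
    "permissionNames": [
        {"permissionName": "ui-eholdings.settings.kb",
         "subPermissions": ["settings.eholdings.enabled"]},
        {"permissionName": "ui-eholdings.records.edit",
         "subPermissions": ["kb-ebsco.packages.item.put",
                            "kb-ebsco.resources.item.put",
                            "kb-ebsco.providers.item.put"]},
        {"permissionName": "module.eholdings.enabled",
         "subPermissions": ["kb-ebsco.all"]},
    ]
})

# Permission named in the three "Access requires permission" responses above.
REQUIRED_ON_LOGIN = {"configuration.entries.collection.get"}


def effective_permissions(perms_json: str) -> set:
    """Names the user holds directly plus every subPermission listed for them.

    Assumption: sub-permissions are only expanded one level, i.e. exactly as
    they appear in the response; deeper expansion would need further lookups.
    """
    doc = json.loads(perms_json)
    held = set()
    for perm in doc.get("permissionNames", []):
        held.add(perm["permissionName"])
        held.update(perm.get("subPermissions", []))
    return held


def missing_permissions(perms_json: str, required: set) -> set:
    """Required permission names absent from the user's effective set."""
    return set(required) - effective_permissions(perms_json)


if __name__ == "__main__":
    gap = missing_permissions(PERMS_RESPONSE, REQUIRED_ON_LOGIN)
    if gap:
        print("login requests will be rejected; missing:", sorted(gap))
    else:
        print("all login-time permissions present")
```

Running it reports configuration.entries.collection.get as missing, which matches the three 403-style responses the commenter observed: none of the six eHoldings permissions or their listed sub-permissions grant it.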
Description
1. Create a user.
2. Assign it eholdings permissions. I gave it all eholdings-labelled permissions.
3. Log in as the new user.
4. Click the eholdings app.
5. Observe the screenshot attached.
6. Bonus step: refresh the page; note the user is logged out.
This happened with a high reproduction rate, approximately 75%+.
A few times I was able to actually see the page and interact with eholdings.