[SPIKE] [ECS Eureka bugfest]: Error at checkout with secure cross-tenant request workflow

Description

Overview: After following workflow steps to create a secure mediated cross-tenant request, when trying to check out the item to the secure patron, an "access denied" error occurs.

Steps to Reproduce:

  1. Log into some FOLIO ECS Eureka bugfest as ecs_admin

  2. In the Secure tenant, place and confirm a Mediated request

  3. Switch tenant affiliation to Lending tenant and select a service point other than the Interim service point

  4. Check Item in via Lending tenant using Check in app.

    1. Item sent In transit to “Interim service point”

  5. Change your affiliation back to Secure

  6. Navigate to the Mediated requests app and ensure Service point is set to Interim.

  7. Using the Mediated requests activities dropdown on the left, select Confirm item arrival.

  8. Scan or manually enter item barcode information into box and click Enter.

  9. Review the details of the loan that should be displayed in a list below the item barcode entry field.

  10. Ensure the Mediated request status has updated to “Open - Item arrived”

  11. Navigate to the Mediated requests app

  12. Using the Mediated requests activities dropdown on the left, select “Send item in transit”.

  13. Scan or manually enter Item barcode and click Enter

  14. Ensure the Mediated request status has updated to “Open - In transit to be checked out”.

  15. In the Secure tenant, use the Check in app to check the Item in at the designated Pickup service point

  16. Use the Check out app to check the Item out to the patron upon either pickup or delivery

Expected Results: The item is checked out

Actual Results: Item not checked out: Access Denied error received

Additional Information:
I did not have time to troubleshoot this at all. I was trying to make a recording of a successful secure circulation workflow when this came up. I've attached the recording and screenshot error.

Environment

None

Potential Workaround

None

Activity

Roman Barannyk 2 days ago

It was discovered that Keycloak rejects the request sent to mod-circulation-bff:

2025-03-27 13:01:10,015 WARN  [org.fol.sid.ser.ErrorHandler] (vert.x-eventloop-thread-0) Sending error response for [method: POST, uri: /mod-circulation-bff/circulation-bff/loans/check-out-by-barcode]: type = ForbiddenException, message = Access Denied 

2025-03-27 13:01:10,015 ERROR [org.fol.sid.int.key.fil.KeycloakAuthorizationFilter] (vert.x-eventloop-thread-0) Authorization failed: io.quarkus.security.ForbiddenException: Access Denied

This occurs because the permission "circulation-bff.loans.check-out-by-barcode.execute" is missing on Eureka Bugfest. However, it was included starting from ui-checkout version v11.0.3:
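
Added example, not part of the comment above and not FOLIO code: a small Python parser for the sidecar log format quoted in that comment. It lists each request answered with ForbiddenException and flags those that coincide with a KeycloakAuthorizationFilter failure; the function names, the same-timestamp-and-thread correlation rule and the third sample line are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed input: the two sidecar lines quoted in the comment, plus one
# made-up line (logger name invented) to show unrelated entries are skipped.
SAMPLE_LOG = """\
2025-03-27 13:01:10,015 WARN  [org.fol.sid.ser.ErrorHandler] (vert.x-eventloop-thread-0) Sending error response for [method: POST, uri: /mod-circulation-bff/circulation-bff/loans/check-out-by-barcode]: type = ForbiddenException, message = Access Denied
2025-03-27 13:01:10,015 ERROR [org.fol.sid.int.key.fil.KeycloakAuthorizationFilter] (vert.x-eventloop-thread-0) Authorization failed: io.quarkus.security.ForbiddenException: Access Denied
2025-03-27 13:01:11,200 INFO  [constructed.Example] (vert.x-eventloop-thread-0) unrelated line
"""

# Common prefix of every line: timestamp, level, [logger], (thread).
PREFIX = (r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
          r"\[(?P<logger>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+")
ERROR_RESPONSE = re.compile(
    PREFIX + r"Sending error response for \[method: (?P<method>[A-Z]+), "
    r"uri: (?P<uri>[^\]]+)\]: type = (?P<type>\w+), message = (?P<message>.*?)\s*$")
AUTHZ_FAILED = re.compile(PREFIX + r"Authorization failed: ")


def denied_requests(log_text):
    """Return one dict per request the sidecar answered with ForbiddenException."""
    lines = log_text.splitlines()
    # Assumption: a filter failure logged with the same timestamp and thread
    # as the error response belongs to the same request.
    authz = {(m["ts"], m["thread"]) for m in map(AUTHZ_FAILED.match, lines)
             if m and m["logger"].endswith("KeycloakAuthorizationFilter")}
    hits = []
    for m in map(ERROR_RESPONSE.match, lines):
        if m and m["type"] == "ForbiddenException":
            hit = m.groupdict()
            hit["keycloak_denied"] = (m["ts"], m["thread"]) in authz
            hits.append(hit)
    return hits


def summarize(log_text):
    """Count denials per (method, uri) so repeated failures collapse to one row."""
    return Counter((h["method"], h["uri"]) for h in denied_requests(log_text))


if __name__ == "__main__":
    for (method, uri), count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:>4}  {method} {uri}")
```

Each endpoint it reports can then be checked against the permissions actually assigned in the environment.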

Details

Development Team

Vega

Created March 21, 2025 at 1:21 PM
Updated 2 days ago