Add permission-guards for each settings page
Description
Environment
Potential Workaround
blocks
is blocked by
Checklist
hideTestRail: Results
Activity
Mike Taylor September 1, 2017 at 11:20 PM
Finally, the guard-permissions in ui-users also already contained the necessary sub-permissions; but it was worth looking, because while I was there, I found another mis-named permission, which I superseded with a correctly named one, making the old one an alias.
So I think we're all done here.
Mike Taylor September 1, 2017 at 10:54 PM
And of course the settings page guard-permissions in ui-developer need no low-level permissions, since everything they do is client-side.
Mike Taylor September 1, 2017 at 10:53 PM
Also those in ui-circulation
Mike Taylor September 1, 2017 at 10:48 PM
I fixed this for the ui-organization entries.
Looks like the permissions in ui-items were already OK.
Mike Taylor September 1, 2017 at 4:58 PM
All four of the still-open blocking issues are now done, in the sense that the settings pages correctly block on the relevant permissions. What does not yet work right is that those permissions do not yet confer all the necessary low-level permissions for the user to actually use the relevant settings pages.
I will fix that before closing those issues (and then this one).
The
<Settings>component includes a facility where each entry in a module's settings list can include a permission which the user must have in order to see the associated settings page: for example, in ui-users, the "Permission sets" settings page is only visible if the user has theperms.permissions.getpermission.However, at present, almost none of the settings entries have permission guards. We should add them in:
ui-circulation
ui-developer (perhaps)
ui-items
ui-organization
ui-users