Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

User with limited permissions gets an error modal when navigating to the Inventory app (Orchid CSP 5 Clone)

Description

Overview: A user with limited permissions (all Inventory) gets an error modal when navigating to the Inventory app.

Steps to Reproduce:

  1. Log into Snapshot as a user with only all Inventory permissions, including

    • Inventory: Import single bibliographic records

    • Settings (Inventory): Configure single-record import

  2. Go to the Inventory app

  3. Go to the Settings/Inventory/Target profiles and view an existing profile

Expected Results: User can work with the Inventory app and view settings without any errors

Actual Results: User gets an error modal saying "Error: in module @folio/inventory, operation GET on resource ‘jobprofiles’ failed, saying: Access for user ‘${username}’ (${uuid}) requires permission: converter-storage.jobprofile.get”"

Additional Information: When was implemented in Orchid, so that a user can now select from multiple job profiles for ISRI, the permissions set in package.json wasn't updated, `converter-storage.jobprofile.get` should be added to inventory perms (Inventory: Import single bibliographic records and Settings (Inventory): Configure single-record import).

Also, suppress "Import" from 2nd pane action menu and "Overlay source bibliographic record" from 3rd pane if use does not have permission. And suppress the Z39.50 settings section if the user doesn't have the settings permission

Orchid patch details

1. Describe issue impact on business. Users who are only granted inventory-related permissions see a JS alert each time the access the inventory app.
2. What institutions are affected? ALL
3. What is the workaround if exists? Update permissions assigned to every user
4. What areas will be impacted by fix? The inventory app
5. Brief explanation of technical implementation and the level of effort (in workdays) and technical risk (low/medium/high). Add missing permission to existing permission sets. LOE is < 1. Technical risk is low; there is no code change.
6. Brief explanation of testing required and level of effort (in workdays). Provide test plan agreed with by QA Manager and PO. Test access to the inventory app with a user who only has inventory-related permissions.
7. What is the roll back plan in case the fix does not work? Effectively, the fix is to change a permission set from [a, b] to [a, b, c]. Given that package.json permissions are immutable, the new permission could/would have to be remove manually via a direct DB operation.

CSP Request Details

Zak requested on 13 July 2023. 5 approvals as of 25 July 2023 (Mike G, Khalilah, Mark V, Debra H, Harry)

CSP Rejection Details

None

Potential Workaround

Assign the "Data import: Can view only" permission to every user

Attachments

1

Checklist

hide

TestRail: Results

Activity

Show:

Ann-Marie Breaux August 14, 2023 at 4:38 PM

Hi All looks good! Closing this issue

Maksym Ishchenko August 14, 2023 at 4:05 PM

Hello  

Ticket verified on bugfest env. Now no errors appears with ISRI for user using only mentioned permissions. Please doublecheck ticket and closed if it looks good for you

Oleksandr Bashtynskyi August 10, 2023 at 9:00 AM

Deployed to the Orchid bf env. Moved status to In bugfix review from status Awaiting deployment. Please proceed with the verification.

Done

Details

Assignee

Reporter

Labels

Priority

Story Points

Development Team

Folijet

Parent

Fix versions

Release

Orchid (R1 2023) Service Patch #5

CSP Approved

Yes

RCA Group

Missing module permission

Affected releases

Poppy (R2 2023)
Orchid (R1 2023)

Affected Institution

!!!ALL!!!

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created July 25, 2023 at 1:35 PM
Updated August 14, 2023 at 4:38 PM
Resolved July 25, 2023 at 3:12 PM
TestRail: Cases
TestRail: Runs