Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Can view the proxy/sponsor accordion without the permission Users: can view proxies assigned to users.

Description

The Proxy/sponsor accordion is showing even if the user does not have the specific "Users: can view proxy relationships."
A user with the following permissions can see the proxy/sponsor accordion. It can be opened but not edited by the user.
Check in: All permissions
Check out: All permissions
Check out: Check out circulating items
Check out: View fees/fines
Check out: View loans
Check out: View request

It looks to me like these checkout permissions include the views that were previously separately permissioned.

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:

Brooks TravisJanuary 12, 2022 at 2:37 PM

I don't know that I ever really paid that much attention to whether the proxies accordion appeared on a user record, but it makes sense, to me, that they would be visible, since the permission to "view" proxies is required to perform check out. I guess we could ask them to put an explicit check for the "Users: can view proxy relationships" permission in the UI for the accordion (I believe it currently checks for the sub-permission "proxiesfor.collection.get", which is a sub-permission of "Check out: All permissions", on top of the "Users: Can view  user profile" permission). If a user only has permissions to view the user profile, but not check out items, then they shouldn't see the proxies.

Won't Do

Details

Assignee

Reporter

Labels

Priority

Development Team

Prokopovych

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created July 24, 2021 at 8:19 PM
Updated March 16, 2023 at 11:52 PM
Resolved March 16, 2023 at 11:52 PM
TestRail: Cases
TestRail: Runs

Flag notifications