Update Status Field to also control access to Folio
Description
As a person responsible for securing my institution's Folio instance I do not want a user with the status = Inactive to have access to Folio Because s/he should no longer have access since s/he may no longer work at the library.
Requirement
This requirement should apply to user logging in with a local username/password combination OR SSO login
AND the status field should continue to prevent a user from checking out items or requesting items.
If the status = Inactive and user attempts to login to Folio then display the following message on the login screen [Access denied. Please contact your Folio system administrator for help.]
Acceptance Criteria Given Folio user A has been set to the status of Inactive When s/he attempts to login to Folio with local username/password OR SSO credentials Then a message [Access denied. Please contact your Folio system administrator for help.] should display on the login screen AND s/he should not be allowed to access Folio. AND s/he should be able to checkout items or request items.
Given Folio user A was set to the status of Inactive AND the Folio system administrator updates user A's status to Active When User A attempts to login to Folio with password currently stored OR SSO credentials Then s/he should be allowed access to Folio
Given Folio user B was created and set to the status of Active When Folio user B attempts to login to Folio with password currently stored OR SSO credentials Then s/he should be allowed access to Folio
, thank you for the details. I like to change the error message returned by the module. So should I close this user story and create another user story for mod-login to update the error message?
Zak Burke September 5, 2018 at 1:32 PM
The easiest thing may be to change the error message returned by the backend module, and continuing to show that message directly on the front end. Putting the errorMessage text into the translation file is not significant work, but it sets precedent for handling of translatable value from the back end and we may want to push off that decision until we're really prepared to address it.
Khalilah Gambrell September 5, 2018 at 12:13 PM
Edited
, thanks for the details. Is it significant work to do the immediate fix? Will there be significant refactor to do the immediate work and then the work described in UXPROD-371?
As a person responsible for securing my institution's Folio instance
I do not want a user with the status = Inactive to have access to Folio
Because s/he should no longer have access since s/he may no longer work at the library.
Requirement
This requirement should apply to user logging in with a local username/password combination OR SSO login
AND the status field should continue to prevent a user from checking out items or requesting items.
If the status = Inactive and user attempts to login to Folio then display the following message on the login screen [Access denied. Please contact your Folio system administrator for help.]
Acceptance Criteria
Given Folio user A has been set to the status of Inactive
When s/he attempts to login to Folio with local username/password OR SSO credentials
Then a message [Access denied. Please contact your Folio system administrator for help.] should display on the login screen AND s/he should not be allowed to access Folio.
AND s/he should be able to checkout items or request items.
Given Folio user A was set to the status of Inactive
AND the Folio system administrator updates user A's status to Active
When User A attempts to login to Folio with password currently stored OR SSO credentials
Then s/he should be allowed access to Folio
Given Folio user B was created and set to the status of Active
When Folio user B attempts to login to Folio with password currently stored OR SSO credentials
Then s/he should be allowed access to Folio
Screenshot