[UIU-2410] Issues with a permission set which includes a hidden permission Created: 12/Aug/21  Updated: 06/Dec/23  Resolved: 01/Sep/21

Status: Closed
Project: ui-users
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: P2
Reporter: Debra Howell Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: Support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to UIU-2409 warn when changing permissions will r... Closed
Sprint: Prokopovych - Sprint 122
Development Team: Prokopovych
Potential Workaround: In order to add a standard permission without losing the hidden permission, I need to first go to Settings/Developer/Configuration and put a checkmark for List “invisible” permissions in add-perm menus.
Affected Institution:
Cornell

 Description   

Overview:
Steps to Reproduce:

  1. Log into Snapshot and/or Cornell FOLIO
  2. Open a permission set which includes a hidden permission
    1. If I edit this permission set, removing a standard “visible” permission, the hidden permission remains.  That’s expected.
    2. If I edit the set, ADDing a standard permission, the hidden permission is removed.  That’s not expected!

 

Expected Results: 

See above

Actual Results:

See above example

Additional Information:
URL:
Interested parties:



 Comments   
Comment by Anya [ 16/Aug/21 ]

Support - we think that Zak Burke needs to look into this. 

 

It should be possible to inform users that there are hidden permissions - that will be lost if the set or the users are changed...

 

Debra Howell and Zak Burke will work on this to flush out steps to recreate 

Comment by Zak Burke [ 30/Aug/21 ]

Debra Howell, Amy Blumenthal: The real problem here is that hidden permissions should never be part of a permission set and as such it's very tempting to close this as "Won't fix". In other words, this ticket describes a symptom, but it is not the actual problem. If such permissions are necessary to accomplish a task, that is an indication of a misconfigured pset elsewhere (as noted on Slack, multiple times), probably in a ui-app's package.json file, and we should file bugs accordingly.

For the record, here's an explanation of the current form behavior. Given a permission-set composed of the visible permissions A, B, and C, as well as the hidden permissions X, Y, and Z, the full list looks like [A, B, C, X, Y, Z]. When editing a pset, only A, B, and C will be visible in the accordion, but the form's cache contains the full list [A, B, C, X, Y, Z].

Clicking the X to remove a permission removes it from the form's cache, so removing A results in [B, C, X, Y, Z].

Clicking the "Add permission" button opens the "Select permissions" modal, which receives a list of all visible permissions, plus the currently-assigned permissions from the cache. Adding F and removing A in the dialog adds and removes them from its list of assigned permissions. Clicking the dialog's "Save and close" button calls a function that takes the intersection of visible permissions and assigned permissions, resulting in a list like [B, C, F], i.e. all hidden permissions are removed. We could pass the modal a list of all permissions, instead of only the visible permissions, but then these extremely granular permissions which are not supposed to be user-assignable would become user-assignable.

I will grant, however, that this is a lousy user experience. If we leave the dialog as-is, receiving only visible permissions, we could provide an alert/warning/something when saving the changes would remove hidden permissions. I filed UIU-2409 Closed for that feature but have not assigned it a priority.
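
The form behavior described in the comment above, as an added example that is not part of the original ticket or the ui-users code base. It models the cache removal and the modal's intersection on save, plus a check that lists the hidden permissions a save would drop without making them assignable. All function names are hypothetical, the permission letters are taken from the comment, and F is assumed to be a visible permission.

```javascript
// Added illustration; function names are hypothetical, not ui-users code.
// Constructed sample data using the letters from the comment above.
const VISIBLE = ['A', 'B', 'C', 'F'];            // user-assignable (F assumed visible)
const CACHED = ['A', 'B', 'C', 'X', 'Y', 'Z'];   // stored pset; X, Y, Z are hidden

// Accordion "X" button: edits the form cache directly, hidden entries survive.
function removeFromCache(cache, perm) {
  return cache.filter((p) => p !== perm);
}

// Modal "Save and close": intersection of visible and assigned permissions.
function saveFromModal(visible, assigned) {
  const visibleSet = new Set(visible);
  return assigned.filter((p) => visibleSet.has(p));
}

// Check for a pre-save warning: permissions that were assigned, are not
// visible (so the user cannot have removed them), and are absent after saving.
function hiddenLostOnSave(visible, before, after) {
  const visibleSet = new Set(visible);
  const afterSet = new Set(after);
  return before.filter((p) => !visibleSet.has(p) && !afterSet.has(p));
}

// One modal edit: start from the cache, apply the user's changes, then save.
function editInModal(visible, cache, { add = [], remove = [] } = {}) {
  const removeSet = new Set(remove);
  const assigned = cache.filter((p) => !removeSet.has(p));
  for (const p of add) {
    if (!assigned.includes(p)) assigned.push(p);
  }
  const saved = saveFromModal(visible, assigned);
  return { saved, lost: hiddenLostOnSave(visible, cache, saved) };
}

console.log(removeFromCache(CACHED, 'A'));
const result = editInModal(VISIBLE, CACHED, { add: ['F'], remove: ['A'] });
console.log(result.saved, result.lost);
if (result.lost.length > 0) {
  console.log(`Warning: saving will remove hidden permissions: ${result.lost.join(', ')}`);
}
```
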

Comment by Amy Blumenthal [ 31/Aug/21 ]

Zak, thank you for your reply and explanation of why things work the way they do.  

It would be very helpful to have an alert when saving the changes would remove hidden permissions.  This will be especially important when more staff here participate in the creation and editing of permission sets.  I'm writing up documentation, but not everyone is going to remember this "gotcha" of permissions being removed.  And with longer permission sets it may not even be noticed - until a department reports that a key feature they need isn't working anymore.

And to be clear - we are submitting bug reports or enhancement requests when we run into a situation where a hidden permission fills a gap.

Thank you for filing UIU-2409 Closed - I'll keep an eye on that!

Comment by Debra Howell [ 31/Aug/21 ]

Zak Burke I appreciate the thoughtful investigation and education on how this works! It is ok with me if this is Closed as "Will Not Do" now. Thanks!

Comment by Zak Burke [ 01/Sep/21 ]

Replaced by UIU-2409 Closed
