[UXPROD-4344] Need new permission(s) to view all Users settings in UI Created: 27/Jan/23 Updated: 30/Nov/23 Resolved: 10/Aug/23 |
|
| Status: | Closed |
| Project: | UX Product |
| Components: | None |
| Affects versions: | None |
| Fix versions: | Poppy (R2 2023) |
| Type: | New Feature | Priority: | P3 |
| Reporter: | Samuel Lemon | Assignee: | Amelia Sutton |
| Resolution: | Done | Votes: | 0 |
| Labels: | permissions, support, ui-only, usermanagement | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issue links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Release: | Poppy (R2 2023) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Front End Estimate: | XL < 15 days | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Front End Estimator: | Priyanka Terala | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Back End Estimate: | Out of scope | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Development Team: | Volaris | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| PO Rank: | 0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
Current situation or problem: With the existing permissions, we are unable to make it so a user can view/export data but not edit the Users settings. New permissions are needed to let an user just view Users ant settings and not be able to edit. In scope:
Interested Parties: Sobha Duvvuri Anya Tim Auger Irina Pokhylets Proposed changes (added 06-27-2023 by Erin Nettifee) Rename and make invisible
Rename
Make invisible
Create new permission(s)
Keep existing permission
|
| Comments |
| Comment by Priyanka Terala [ 17/May/23 ] | ||||
|
Hi Tim Auger Irina Pokhylets Below is my proposal. Could you please confirm if this is fine with you?
Left Blue bordered Box - Fee/fine section from Settings > UsersRight grey background box -Permission name and Display Name associated with each setting page.Summary -Permission name and display name in blue font is that of "Manual charges" setting page. My proposal is to rename them as below -
Why?
This will help maintain clean naming conventions too. This doesn't call for any BE changes. Purely FE. cc Gurleen Kaur1 Arghya Mitra Steve Ellis
| ||||
| Comment by Tim Auger [ 18/May/23 ] | ||||
|
Yes, Priyanka Terala and Irina Pokhylets I agree with this approach. | ||||
| Comment by Priyanka Terala [ 22/May/23 ] | ||||
|
Thank you for the approval Tim Auger | ||||
| Comment by Priyanka Terala [ 24/May/23 ] | ||||
|
Nika Mindadze Changes are available on snapshot. Please verify. | ||||
| Comment by Irina Pokhylets [ 26/May/23 ] | ||||
|
Tim Auger Currently, for administrating the Bursar export configuration the “ui-plugin-bursar-export.bursur-export.all” permission should be assigned to a user and the permission for Bursar configuration view only does not exist. The questions:
Also, we found that “settings.transfertypes” permission is useless from the code perspective. If this permission is assigned, it doesn’t reflect any changes on UI. For displaying the "Transfer criteria" page is responsible “Bursar admin” permission. So we would like to clean up the code related to it. Do you have objections? CC: Priyanka Terala | ||||
| Comment by Tim Auger [ 26/May/23 ] | ||||
|
Hi Priyanka Terala . Zero objections. Your points make sense.
>>TA: I would prefer to have it, yes.
>>TA: I think so. Do you have concerns about it? | ||||
| Comment by Priyanka Terala [ 29/May/23 ] | ||||
|
Tim Auger Irina Pokhylets Thank you
| ||||
| Comment by Irina Pokhylets [ 01/Jun/23 ] | ||||
|
The stories
| ||||
| Comment by Nika Mindadze [ 04/Jun/23 ] | ||||
|
Priyanka Terala issues were identified during testing, While trying to edit different settings, we get errors on save buttons, we are unable to edit the settings, however it would be more neat to disable edit buttons and not get errors. I also attached recording | ||||
| Comment by Priyanka Terala [ 05/Jun/23 ] | ||||
|
Hi Nika Mindadze , | ||||
| Comment by Irina Pokhylets [ 07/Jun/23 ] | ||||
|
The newly added “Setting (Users): View all settings” permission does not allow users to save changes in User settings configuration. But users still can edit configuration forms, and some other controls are available such as delete, add new, etc. If a user changes the configuration and clicks Save, then various errors appear. Because the work is not complete it can’t be released. Was made a decision to roll back the “Setting (Users): View all settings” permission and return to it when the feature will be prioritized. The preliminary front-end estimation for the feature is XL. | ||||
| Comment by Erin Nettifee [ 20/Jun/23 ] | ||||
|
Hi all - has this been discussed with the RA SIG? It looks like between Orchid and today 16 new permissions were added, but many of them are just functionally not needed. Like, a library that is managing fines would not grant view permissions to settings one by one - generally someone would have view access to everything, or edit access to everything. The users permissions list is already VERY long and this has just made it longer. I fully recognize that users permissions need cleanup, but in my opinion this should be rolled back and the work should be approached through a SIG conversation to better understand what is actually needed. The body of this ticket doesn't have enough information to describe what the actual business need is from the library that reported the problem. | ||||
| Comment by Amelia Sutton [ 21/Jun/23 ] | ||||
|
Irina Pokhylets I agree with Erin Nettifee that adding individual permissions for viewing each section of Users settings is excessive and, in my reading, is out of scope for this feature. From what I understood in our meeting this morning it might require more time than we have remaining for the Poppy release to roll this back. Since we cannot move to release with this feature incomplete, would it be possible to include only the "Settings (Users): View all settings" permission and not the individual "Settings (Users): Can view [some category] settings"? Alternatively could those more granular permissions be made invisible? I can still create the stories for which controls would need to be disabled to resolve the errors that are currently occurring in each section, but I don't want to create this many new permissions without bringing this issue to the RA and UM SIGs | ||||
| Comment by Erin Nettifee [ 21/Jun/23 ] | ||||
|
Hi Amelia Sutton - I'm going to look at this and suggest consolidating the permissions that were created as a first step. There's a lot of history here from work that Holly Mistlebauer did that I need to piece through.... | ||||
| Comment by Erin Nettifee [ 22/Jun/23 ] | ||||
|
I have asked the RA SIG for input and Amelia has passed that over to UM SIG for input. I also have a draft proposal for how to fix some of the issues here by condensing permissions. I don't think we will need to do any work that would require significant code rollbacks, but there is a lot of cleanup to do with permission naming and organization. | ||||
| Comment by Erin Nettifee [ 27/Jun/23 ] | ||||
|
Hi Irina Pokhylets Amelia Sutton et al - the circ POs have reviewed a proposal to clean this up that involves some significant renaming and grouping to create new permissions, but does not involved changing any of the forms / code work that was done, so my hope is that not as arduous to put these changes in place. I've added the proposed changes to the body of the jira — they are listed by the display name since I pulled the list from the UI, but I can pull the individual permission actual names if you need them. | ||||
| Comment by Irina Pokhylets [ 12/Jul/23 ] | ||||
|
Hi, | ||||
| Comment by Erin Nettifee [ 12/Jul/23 ] | ||||
|
Irina Pokhylets I want to make sure your team is aware of the work that Bama is doing on the transfer criteria page - https://folio-org.atlassian.net/browse/UXPROD-3903 - I don't know if it's going to make Poppy or not, but it involves some fairly significant changes to the form interface, and I don't want you all to spend a ton of time tweaking the form that's live right now to make it behave for a "view-only" permission. | ||||
| Comment by Irina Pokhylets [ 12/Jul/23 ] | ||||
|
Erin Nettifee, thanks for your comment. We knew about dependency on one PR (
| ||||
| Comment by Erin Nettifee [ 12/Jul/23 ] | ||||
|
Irina Pokhylets a question to help me answer your question For some additional context, this is a screenshot of Bama's rancher of their WIP on the bursar requirements, so you see what I mean about implementing significant UI changes: | ||||
| Comment by Amelia Sutton [ 10/Aug/23 ] | ||||
|
I have confirmed both the functionality of the new "Settings (Users): View all settings" permission as well as the changes to visibility and naming for other permissions. Note that I changed a couple of things under Keep existing permissions section. I removed the word 'all' from the permission name as that did not align with the existing permission and was likely a typo. I also struck the “Settings (Users): Can view transfer criteria” permission from the list of included permissions as the creation of that permission was closed as "won't do". Beyond these two changes that were not related to the functionality I have confirmed this feature in snapshot so I am closing the ticket. |