<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Fri Feb 09 00:30:03 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[UIU-2256] Changes to &quot;Users: User loans view, edit, renew (all)&quot; permission set (ui-users.loans.all)</title>
                <link>https://folio-org.atlassian.net/browse/UIU-2256</link>
                <project id="10131" key="UIU">ui-users</project>
                    <description>&lt;p&gt;The permission set &lt;b&gt;ui-users.loans.all&lt;/b&gt; needs to be adjusted to make it more clear what it actually does and to better reflect what the RA SIG would actually use this for when assigning permissions.&#160;&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Subpermission changes: remove ui-users.loans.edit and add ui-users.loans.change-due-date
	&lt;ul&gt;
		&lt;li&gt;(It appears that ui-users.loans.edit was renamed to ui-users.loans.change-due-date in December 2020 - &lt;a href=&quot;https://github.com/folio-org/ui-checkout/pull/566&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/ui-checkout/pull/566&lt;/a&gt; - but the change did not happen in ui-users.loans.all)&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Remove from ui-users.loans.all the ability to:
	&lt;ul&gt;
		&lt;li&gt;declare an item lost&lt;/li&gt;
		&lt;li&gt;mark an item claim returned&lt;/li&gt;
		&lt;li&gt;mark a claim returned item missing&lt;/li&gt;
		&lt;li&gt;anonymize a user&apos;s loans&lt;/li&gt;
		&lt;li&gt;renew an item through override&#160;&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Change the display name (and associated translations) for ui-users.loans.all to &quot;Users: User loans view, change due date, renew&quot;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;We will defer to developers on whether to rename the actual permission name to remove the &lt;b&gt;.all&lt;/b&gt; portion of the name or to leave it as-is.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Usecases%3A&quot;&gt;&lt;/a&gt;&lt;b&gt;Use cases:&lt;/b&gt;&lt;/h4&gt;

&lt;p&gt;A library has four types of circulation staff - student workers, senior student workers, full-time staff, and managers.&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Student workers should be able to view and renew loans.&#160;&lt;/li&gt;
	&lt;li&gt;Senior student workers should be able to do everything a student worker can do + change a due date.&lt;/li&gt;
	&lt;li&gt;Full time staff should be able to do everything a senior student worker can do + declare an item lost and renew an item through override.&lt;/li&gt;
	&lt;li&gt;Managers should be able to do everything full-time staff should be able to do + mark an item claim returned.&lt;/li&gt;
	&lt;li&gt;Only the most senior of the managers&#160;should be able to anonymize loans.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Right now, this scenario &lt;b&gt;is possible&lt;/b&gt; to do, but the naming of the existing permission makes it very easy for SMEs to make mistakes and grant more permissions than desired (particularly with anonymizing).&lt;/p&gt;

&lt;p&gt;In general, having the idea of editing a loan in a permission name will always be confusing to RA SMEs - they would not think of the work they do with loans as editing loans, they would use the terminology of the specific workflows instead. E.g., they would say &quot;I marked a loan missing&quot; rather than &quot;I edited the loan record to change the item status to missing,&quot; even though the latter is what they are actually doing.&lt;/p&gt;

&lt;p&gt;This was discussed at the RA SIG on 7-26-2021 and they agreed to this path; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f5241b9fcaf93003b5bee25&quot; class=&quot;user-hover&quot; rel=&quot;5f5241b9fcaf93003b5bee25&quot; data-account-id=&quot;5f5241b9fcaf93003b5bee25&quot; accountid=&quot;5f5241b9fcaf93003b5bee25&quot; rel=&quot;noreferrer&quot;&gt;patty.wanninger&lt;/a&gt;&#160;indicated that RA could make the decision on this since these are loans permissions.&lt;/p&gt;

</description>
                <environment></environment>
        <key id="43198">UIU-2256</key>
            <summary>Changes to &quot;Users: User loans view, edit, renew (all)&quot; permission set (ui-users.loans.all)</summary>
                <type id="10005" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium">Story</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="557058:63e17413-51f9-4a7c-910b-544728833e0f">Matt Connolly</assignee>
                                                                <reporter accountid="5c48911b54e1e6466b11f38c">Erin Nettifee</reporter>
                                    <labels>
                    </labels>
                <created>Wed, 21 Jul 2021 13:51:23 +0000</created>
                <updated>Fri, 4 Mar 2022 21:43:20 +0000</updated>
                            <resolved>Thu, 27 Jan 2022 13:26:50 +0000</resolved>
                                                    <fixVersion>7.1.0</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                <comments>
                                                            <comment id="92403" author="557058:63e17413-51f9-4a7c-910b-544728833e0f" created="Thu, 7 Oct 2021 19:31:10 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c48911b54e1e6466b11f38c&quot; class=&quot;user-hover&quot; rel=&quot;5c48911b54e1e6466b11f38c&quot; data-account-id=&quot;5c48911b54e1e6466b11f38c&quot; accountid=&quot;5c48911b54e1e6466b11f38c&quot; rel=&quot;noreferrer&quot;&gt;Erin Nettifee&lt;/a&gt;&#160;After discussing this with some of the other devs, it seems best not to try to change the actual permission name here; changing an existing permission name would probably have undesirable effects for users who already have that permission. Changing the display label isn&apos;t a problem, though.&#160;&lt;/p&gt;

&lt;p&gt;But it&apos;s a bit odd to have a permission named *.all with a reduced set of sub-permissions. What if we were to leave the original loans.all permission as-is, with a new label that is less confusing, and then create a new permission with the reduced set of abilities as outlined in the issue description above &#8211; named something like loans.manage, perhaps? If that doesn&apos;t seem sensible, then I suppose we could just live with the discrepancy between the *.all name and what it actually signifies. What do you think?&lt;/p&gt;

</comment>
                                                            <comment id="92406" author="5c48911b54e1e6466b11f38c" created="Thu, 7 Oct 2021 19:54:57 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A63e17413-51f9-4a7c-910b-544728833e0f&quot; class=&quot;user-hover&quot; rel=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; data-account-id=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; accountid=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; rel=&quot;noreferrer&quot;&gt;Matt Connolly&lt;/a&gt; - yah, that&apos;s the challenge here, right? Which I think we discussed with the group when it was pointed, and I offered to take the lead on communicating about it with implementers and making sure there was a note about the permissions change in the release notes. Since the SMEs most likely to need the permission were OK with having to deal with the change, it seemed like it was OK to do even though it&apos;s technically a breaking change.&lt;/p&gt;

&lt;p&gt;The problem was trying to figure out how to communicate what was included in ui-users.loans.all w/o making a display label so long it would wraparound in typical UIs. If I say something like &quot;Users: Loans (All Permissions),&quot; I&apos;m not sure it&apos;s totally clear in that context what exactly you&apos;re giving someone the ability to do, and without an additional UI piece to describe it better (see &lt;a href=&quot;https://folio-org.atlassian.net/browse/UXPROD-3159&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/UXPROD-3159&lt;/a&gt;), you&apos;re still relying on people knowing how to go to github to understand, for example, that all includes overrides. &lt;/p&gt;

&lt;p&gt;I also see some desirability in the fact that the change &lt;b&gt;would&lt;/b&gt; break permissions, since I think it would make it clear to libraries that people had had additional permissions that they may or may not have been meant to have. Though that&apos;s likely not fair to libraries who are actually in production and have to deal with the breaking, so...&lt;/p&gt;

&lt;p&gt;Which is all to say - I get what you&apos;re saying, but unless you have ideas about a way to name ui-loans.all to reflect all the stuff that&apos;s in it, I think the SIG would still prefer to have the set reduced to lessen the risk of giving more perms than people should get. Maybe this is what code comments are for?&lt;/p&gt;</comment>
                                                            <comment id="92411" author="5c48911b54e1e6466b11f38c" created="Thu, 14 Oct 2021 17:46:05 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A63e17413-51f9-4a7c-910b-544728833e0f&quot; class=&quot;user-hover&quot; rel=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; data-account-id=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; accountid=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; rel=&quot;noreferrer&quot;&gt;Matt Connolly&lt;/a&gt; - just want to make sure I haven&apos;t missed anything, is this ready for testing?&lt;/p&gt;</comment>
                                                            <comment id="92414" author="557058:63e17413-51f9-4a7c-910b-544728833e0f" created="Thu, 14 Oct 2021 19:07:39 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c48911b54e1e6466b11f38c&quot; class=&quot;user-hover&quot; rel=&quot;5c48911b54e1e6466b11f38c&quot; data-account-id=&quot;5c48911b54e1e6466b11f38c&quot; accountid=&quot;5c48911b54e1e6466b11f38c&quot; rel=&quot;noreferrer&quot;&gt;Erin Nettifee&lt;/a&gt;&#160;Yes, it should be!&lt;/p&gt;</comment>
                                                            <comment id="92417" author="5c48911b54e1e6466b11f38c" created="Tue, 4 Jan 2022 15:57:35 +0000"  >&lt;p&gt;I apologize for losing track of this and not testing it, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A63e17413-51f9-4a7c-910b-544728833e0f&quot; class=&quot;user-hover&quot; rel=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; data-account-id=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; accountid=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; rel=&quot;noreferrer&quot;&gt;Matt Connolly&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Aa957226f-df85-4fc8-97f4-8b27a26029ed&quot; class=&quot;user-hover&quot; rel=&quot;557058:a957226f-df85-4fc8-97f4-8b27a26029ed&quot; data-account-id=&quot;557058:a957226f-df85-4fc8-97f4-8b27a26029ed&quot; accountid=&quot;557058:a957226f-df85-4fc8-97f4-8b27a26029ed&quot; rel=&quot;noreferrer&quot;&gt;Holly Mistlebauer&lt;/a&gt;. I tested today on Snapshot. &lt;/p&gt;

&lt;p&gt;2 issues found:&lt;/p&gt;

&lt;p&gt;1) I can select the Claim Returned button on the open loan screen, and I shouldn&apos;t be able to click on it:&lt;/p&gt;

&lt;p&gt;[Screenshot: screenshot-1.png]&lt;/p&gt;

&lt;p&gt;2) Renewal fails, with a message in developer tools:&lt;br/&gt;
HTTP request to &quot;http://10.36.1.161:9130/manualblocks&quot; failed, status code: 403, response: &quot;Access requires permission: manualblocks.collection.get&quot;&lt;/p&gt;</comment>
                                                            <comment id="92420" author="557058:63e17413-51f9-4a7c-910b-544728833e0f" created="Mon, 10 Jan 2022 20:39:48 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c48911b54e1e6466b11f38c&quot; class=&quot;user-hover&quot; rel=&quot;5c48911b54e1e6466b11f38c&quot; data-account-id=&quot;5c48911b54e1e6466b11f38c&quot; accountid=&quot;5c48911b54e1e6466b11f38c&quot; rel=&quot;noreferrer&quot;&gt;Erin Nettifee&lt;/a&gt;, I think I&apos;ve taken care of those problems now. Please try again.&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;The Claim Returned button actually was not protected by a permissions check, but I&apos;ve added that now.&lt;/li&gt;
	&lt;li&gt;I think this is probably an older bug that we didn&apos;t catch in testing before, but I&apos;ve added the requisite permission to the .all permissions set.&lt;/li&gt;
&lt;/ol&gt;
</comment>
                                                            <comment id="92423" author="5c48911b54e1e6466b11f38c" created="Tue, 11 Jan 2022 16:47:51 +0000"  >&lt;p&gt;Went on Snapshot to try to retest and unable to get a user password reset to work; asking about it in hosted-ref-envs.&lt;/p&gt;</comment>
                                                            <comment id="92425" author="5c48911b54e1e6466b11f38c" created="Thu, 27 Jan 2022 13:26:40 +0000"  >&lt;p&gt;The password issue on Snapshot was finally resolved today, so I was able to create a test user and validate your changes &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A63e17413-51f9-4a7c-910b-544728833e0f&quot; class=&quot;user-hover&quot; rel=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; data-account-id=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; accountid=&quot;557058:63e17413-51f9-4a7c-910b-544728833e0f&quot; rel=&quot;noreferrer&quot;&gt;Matt Connolly&lt;/a&gt;. All looks good, so I am closing this ticket.&lt;/p&gt;</comment>
                                                            <comment id="92427" author="5f5241b9fcaf93003b5bee25" created="Fri, 4 Mar 2022 21:43:20 +0000"  >&lt;p&gt;testrails case C350609&lt;/p&gt;
</comment>
                    </comments>
                    <attachments>
                            <attachment id="30890" name="screenshot-1.png" size="67712" author="5c48911b54e1e6466b11f38c" created="Tue, 4 Jan 2022 15:52:29 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10171"><![CDATA[Prokopovych]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i033pr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10069" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Rank: Cornell (Full Sum 2021)</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10215"><![CDATA[R3]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="960">Prokopovych - Sprint 131</customfieldvalue>
    <customfieldvalue id="510">Prokopovych - Sprint 132</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.5</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 7 Oct 2021 19:31:10 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>