ERM Permissions Handling

Owned by Jag Goraya
Last updated: Mar 01, 2023 by Owen Stephens
9 min read
Status
NOT STARTED
Stakeholders

Owen Stephens Claudia Malzer Ethan Freestone Marc Johnson 

Outcome
Due date
Owner
Jag Goraya 

Background

Currently we have  a flat set of permissions for the module settings, when realisitically we should have a heirachical model like the rest of our modules and FOLIO. Many of the standard FOLIO Stripes components expect a single permission to be passed in as a string, so a multi-permission list for an action in a flatter structure is not always feasible.

In addition, changes were made historically to the "special" "settings.agreements.enabled", providing that with more power than it should ever have had access to. The "correct" model is likely another set of permissions sat above  that base permission with any extra permissions granted via those. However the FOLIO model for "editing" permissions appears to be deprecation and recreation with a unique name, which is not possible for these "special" permissions that have conventional names throughout FOLIO.

We are then in a position where a special permission needs editing and no clear way to go about that. In addition, we have developer experience that points to the development workflow around editing/removing/creating new permissions being at best clunky and unclear, and at worst downright opaque and impossible.

Desired permissions for settings

The question of how permissions are handled in ERM was raised when we started to look at implementing a set of "view only" options for settings across ERM modules (Agreements, Local KB Admin, Licenses). The table here describes the desired settings that we want to implement

Permission description

Backend behaviour

UI behaviour

Notes

View only permission for Settings -> Agreements -> Display settings 

Can read the settings for Agreements as (currently) managed via mod-config

User can navigate Settings -> Agreements 
In this screen user sees “Display settings” option in under the “General” heading
Selecting “Display settings” displays a view only display containing the settings:

  • Hide internal agreements (checkbox)
  • Page sizes (integer numbers) for:
    • Agreement view pane > Agreement lines
    • Agreement view pane > E-resources covered by this agreement
    • E-resource view pane > Options for acquiring e-resource
    • Package view pane > E-resources in package
    • E-resource view pane > Agreements for this e-resource
  • Display “Suppress from discovery” settings (checkboxes) for:
    • Agreement lines
    • Titles in packages
    • Titles
    • Hide accordions in agreement edit view settings (checkboxes) for:
      • Usage data


Edit permission for Settings -> Agreements -> Display settings 

Can read and update the settings for Agreements as (currently) managed via mod-config

User can navigate Settings -> Agreements 
In this screen user sees “Display settings” option in under the “General” heading
Selecting “Display settings” displays the editable view for the settings:

  • Hide internal agreements (checkbox)
  • Page sizes (integer numbers) for:
    • Agreement view pane > Agreement lines
    • Agreement view pane > E-resources covered by this agreement
    • E-resource view pane > Options for acquiring e-resource
    • Package view pane > E-resources in package
    • E-resource view pane > Agreements for this e-resource
  • Display “Suppress from discovery” settings (checkboxes) for:
    • Agreement lines
    • Titles in packages
    • Titles
    • Hide accordions in agreement edit view settings (checkboxes) for:
      • Usage data

Save option available

This is the intended behaviour of the current ui-agreements.generalSettings.manage  permission

View only permission for Settings -> Agreements -> Supplementary properties 

Can read the Supplementary properties set up for Agreements

User can navigate Settings -> Agreements 
In this screen user sees “Supplementary properties” option in under the “General” heading
Selecting “Supplementary properties” displays the view only view for setting up supplementary properties:

  • List of existing supplementary properties defined in agreements in an MCL
  • Search option for supplementary properties
  • Selecting a supplementary property in the MCL opens the view panel for the supplementary property


Edit permission for Settings -> Agreements -> Supplementary properties 

Can read, create, update and delete Supplementary properties set up for Agreements

User can navigate Settings -> Agreements 
In this screen user sees “Supplementary properties” option in under the “General” heading
Selecting “Supplementary properties” displays the editable view for setting up supplementary properties:

  • List of existing supplementary properties defined in agreements in an MCL
  • Search option for supplementary properties
  • Selecting a supplementary property in the MCL opens the view panel for the supplementary property
  • The view panel for the supplementary property includes an “Actions” menu which in turn contains “Edit” and “Delete” actions
  • Selecting “Edit” opens the edit view for the supplementary property and the user can update and save the supplementary property information
  • Selecting “Delete” will trigger a confirmation dialogue, and the user can proceed to delete the supplementary property (if it is not in use anywhere in the module)
  • “New” button displays at top of supplementary properties list
  • Clicking “New” opens the create view for a supplementary property and the user can add and save the supplementary property information

This is the intended behaviour of the current ui-agreements.supplementaryProperties.manage  permission

View only permission for Settings -> Agreements -> Pick lists  AND Settings -> Agreements -> Pick list values 

Can read the available refdata categories (pick lists) and the refdata values (pick list values)

User can navigate Settings -> Agreements 
In this screen user sees “Pick lists” and “Pick list values” under the “Supplementary properties pick list setup” heading


Selecting “Pick lists” displays the view only view for pick lists (reference data categories):

  • List of existing pick lists / reference data categories with the number of reference data values in each category

Selecting “Pick list values” displays the view only view for pick list values:

  • Option to select a pick list
  • On selecting a pick list, all the values in that pick list display with their Label and Value


Edit permission for Settings -> Agreements -> Pick lists  AND Settings -> Agreements -> Pick list values 

Can read, create and delete refdata categories (pick lists) and read, update, create and delete refdata values (pick list values)

User can navigate Settings -> Agreements 
In this screen user sees “Pick lists” and “Pick list values” under the “Supplementary properties pick list setup” heading


Selecting “Pick lists” displays the view only view for pick lists (reference data categories):

  • List of existing pick lists / reference data categories with the number of reference data values in each category
  • For pick lists with zero pick list values, see the option to delete the list
  • Clicking the trashcan/delete icon for a pick list will trigger a confirmation dialogue, and the user can proceed to delete the category
  • A New button that displays at the top of the panel
  • Click “New” prompts the user for a new pick list (Category) value and the user can add and save the pick list

Selecting “Pick list values” displays the view only view for pick list values:

  • Option to select a pick list
  • On selecting a pick list, all the values in that pick list display with their Label and Value

This is the intended behaviour of the current ui-agreements.picklists.manage  permission

View only permission for Settings -> Agreements -> App settings (File storage) 

Can read the Agreements “app settings” (currently only File storage settings)

User can navigate Settings -> Agreements 
In this screen user see “File storage” under the “App settings” heading
Selecting “File storage” displays the view only view for app settings
* List of all file storage setting values


Edit permission for Settings -> Agreements -> App settings (File storage) 

Can read and update the Agreements “app settings” (currently only File storage settings)

User can navigate Settings -> Agreements 
In this screen user see “File storage” under the “App settings” heading
Selecting “File storage” displays the edit view for app settings

  • List of all file storage setting values
  • Each setting value has an edit button
  • Clicking “Edit” enables the value to be changes, and saved using a “Save” button that displays in the place of the “Edit” button while in edit mode

This is the intended behaviour of the current ui-agreements.appSettings.manage  permission

View only permission for Settings -> Local KB Admin -> External data sources 

Can read the list of Local KB Admin external data sources

User can navigate Settings -> Local KB Admin 
In this screen user sees “External data sources” under the “General” heading
Selecting “External data sources” displays the view only view for External data sources

  • List of external data sources, each one in a card


Manage permission for Settings -> Local KB Admin -> External data sources 

Can read, create, update and delete Local KB Admin external data sources

User can navigate Settings -> Local KB Admin 
In this screen user sees “External data sources” under the “General” heading
Selecting “External data sources” displays the edit view for External data sources

  • List of external data sources, each one in a card
  • A “New" button at the top of the list of external data sources
  • Each card has an Actions menu which has the options to “Edit”,”Reset cursor”,”Reset sync status”,“Delete”

This is the intended behaviour of the current ui-local-kb-admin.kbs.manage  permission

View only permission for Settings -> Local KB Admin -> Proxy server settings 

Can read the list of Local KB Admin proxy server templates

User can navigate Settings -> Local KB Admin 
In this screen user sees “Proxy server settings” under the “General” heading
Selecting “Proxy server settings” displays the view only view for Proxy server settings

  • List of proxy server settings (templates), each one in a card


Manage permission for Settings -> Local KB Admin -> Proxy server settings 

Can read, create, update and delete Local KB Admin proxy server templates

User can navigate Settings -> Local KB Admin 
In this screen user sees “Proxy server settings” under the “General” heading
Selecting “Proxy server settings” displays the edit view for Proxy server settings

  • List of proxy server settings (templates), each one in a card
  • A “New” button at the top of the list of proxy server settings
  • Each card has an “Edit” and a “Delete” button

This is the intended behaviour of the current ui-local-kb-admin.proxyServer.manage  permission

View only permission for Settings -> Licenses -> Terms 

Can read the Terms set up for Licenses

User can navigate Settings -> Licenses 
In this screen user sees “Terms” option in under the “General” heading
Selecting “Terms” displays the view only view for setting up license terms:

  • List of existing terms defined in licenses in an MCL
  • Search option for terms
  • Selecting a term in the MCL opens the view panel for the term


Edit permission for Settings -> Licenses -> Terms 

Can read, create, update and delete Terms set up for Licenses

User can navigate Settings -> Licenses 
In this screen user sees “Terms” option in under the “General” heading
Selecting “Terms” displays the editable view for setting up license terms

  • List of existing terms defined in licenses in an MCL
  • Search option for terms
  • Selecting a term in the MCL opens the view panel for the term
  • The view panel for the term includes an “Actions” menu which in turn contains “Edit” and “Delete” actions
  • Selecting “Edit” opens the edit view for the term and the user can update and save the term information
  • Selecting “Delete” will trigger a confirmation dialogue, and the user can proceed to delete the term (if it is not in use anywhere in the module)
  • “New” button displays at top of term list
  • Clicking “New” opens the create view for a term and the user can add and save the term information

This is the intended behaviour of the current ui-licenses.terms.manage  permission

View only permission for Settings -> Licenses -> Pick lists  AND Settings -> Licenses -> Pick list values 

Can read the available refdata categories (pick lists) and the refdata values (pick list values)

User can navigate Settings -> Licenses 
In this screen user sees “Pick lists” and “Pick list values” under the “License term pick list setup” heading

Selecting “Pick lists” displays the view only view for pick lists (reference data categories):

  • List of existing pick lists / reference data categories with the number of reference data values in each category

Selecting “Pick list values” displays the view only view for pick list values:

  • Option to select a pick list
  • On selecting a pick list, all the values in that pick list display with their Label and Value


Edit permission for Settings -> Licenses -> Pick lists  AND Settings -> Licenses -> Pick list values 

Can read, create and delete refdata categories (pick lists) and read, update, create and delete refdata values (pick list values)

User can navigate Settings -> Licenses 
In this screen user sees “Pick lists” and “Pick list values” under the “License term pick list setup” heading

Selecting “Pick lists” displays the view only view for pick lists (reference data categories):

  • List of existing pick lists / reference data categories with the number of reference data values in each category
  • For pick lists with zero pick list values, see the option to delete the list
  • Clicking the trashcan/delete icon for a pick list will trigger a confirmation dialogue, and the user can proceed to delete the category
  • A New button that displays at the top of the panel
  • Click “New” prompts the user for a new pick list (Category) value and the user can add and save the pick list

Selecting “Pick list values” displays the view only view for pick list values:

  • Option to select a pick list
  • On selecting a pick list, all the values in that pick list display with their Label and Value

This is the intended behaviour of the current ui-licenses.terms.manage  permission

View only permission for Settings -> Licenses -> App settings (File storage) 

Can read the Licenses “app settings” (currently only File storage settings)

User can navigate Settings -> Licenses 
In this screen user sees “File storage” under the “App settings” heading
Selecting “File storage” displays the view only view for app settings

  • List of all file storage setting values


Edit permission for Settings -> Licenses -> App settings (File storage) 

Can read and update the Licenses “app settings” (currently only File storage settings)

User can navigate Settings -> Licenses 
In this screen user sees “File storage” under the “App settings” heading
Selecting “File storage” displays the edit view for app settings

  • List of all file storage setting values
  • Each setting value has an edit button
  • Clicking “Edit” enables the value to be changes, and saved using a “Save” button that displays in the place of the “Edit” button while in edit mode

This is the intended behaviour of the current ui-licenses.appSettings.manage  permission

Action items

  •