UIAC-63 Introduce new permission to view all acquisition unit settings #165

usavkov-epam · 2023-08-31T10:06:44Z

Purpose

https://issues.folio.org/browse/UIAC-63

Approach

Add permission to ONLY view all settings in the acquisition-units and protect actions from non-permitted user.

Screencast

chrome_kQZAauxoaG.mp4

Pre-Merge Checklist

Before merging this PR, please go through the following list and take appropriate actions.

I've added appropriate record to the CHANGELOG.md
Does this PR meet or exceed the expected quality standards?
- Code coverage on new code is 80% or greater
- Duplications on new code is 3% or less
- There are no major code smells or security issues
Does this introduce breaking changes?
- If any API-related changes - okapi interfaces and permissions are reviewed/changed correspondingly
- There are no breaking changes in this PR.

If there are breaking changes, please STOP and consider the following:

What other modules will these changes impact?
Do JIRAs exist to update the impacted modules?
- If not, please create them
- Do they contain the appropriate level of detail? Which endpoints/schemas changed, etc.
- Do they have all they appropriate links to blocked/related issues?
Are the JIRAs under active development?
- If not, contact the project's PO and make sure they're aware of the urgency.
Do PRs exist for these changes?
- If so, have they been approved?

Ideally all of the PRs involved in breaking changes would be merged in the same day to avoid breaking the folio-testing environment. Communication is paramount if that is to be achieved, especially as the number of intermodule and inter-team dependencies increase.

While it's helpful for reviewers to help identify potential problems, ensuring that it's safe to merge is ultimately the responsibility of the PR assignee.

github-actions · 2023-08-31T10:07:18Z

Jest Unit Test Statistics

52 tests ±0 52 ✔️ ±0 44s ⏱️ -1s
11 suites ±0   0 💤 ±0
  1 files ±0   0 ❌ ±0

Results for commit 7433453. ± Comparison against base commit 4b079cf.

♻️ This comment has been updated with latest results.

github-actions · 2023-08-31T10:07:34Z

BigTest Unit Test Statistics

0 tests ±0 0 ✔️ ±0 0s ⏱️ ±0s
0 suites ±0 0 💤 ±0
0 files ±0 0 ❌ ±0

Results for commit 7433453. ± Comparison against base commit 4b079cf.

♻️ This comment has been updated with latest results.

zburke

Ideally there should be a test that shows a the actions menu is populated/empty when these permissions are/are not present.

FYI, your build is failing due to rehooks/local-storage/issues/103 but you can work around this via UIAC-70 which needs to be done for Poppy anyway.

Dmytro-Melnyshyn · 2023-08-31T13:46:45Z

src/settings/AcquisitionUnits/AcquisitionUnitDetails/AcquisitionUnitDetails.js

@@ -37,13 +37,15 @@ const AcquisitionUnitDetails = ({ acquisitionUnit, close, getEditPath, deleteUni
  const stripes = useStripes();

  const getActionMenu = () => {
-    return (
+    const isPermittedToViewActions = stripes.hasPerm('acquisitions-units.units.item.put') || stripes.hasPerm('acquisitions-units.units.item.delete');


It's better to utilize UI permissions instead of BE ones in stripes.hasPerm/IfPermission. In this case, the user will not accidentally get access to functionality they shouldn't from another UI permission assigned to them.