Uploaded image for project: 'mod-circulation'
  1. mod-circulation
  2. CIRC-836

Missing module permission for placing instance holds

    XMLWordPrintable

Details

    • Core: F - Sprint 93, Core: F - Sprint 94, Core: F - Sprint 95
    • 2
    • Prokopovych
    • Q2 2020 Hot Fix #1
    • OTHER

    Description

      Overview:

      Missing module permission(s). When calling POST /circulation/requests/instances w/ a user that has the required permissions, the call fails complaining about missing permissions. These should be provided by the module as module permissions.

      This was initially found via edge/mod-patron.

      Steps to Reproduce:

      1. Create a user
      2. Grant them only the circulation.requests.instances.item.post permission
      3. Try to place an instance request

      Expected Results:

      The request is placed successfully

      Actual Results:

      Failed to place a request for the instance. Reasons: 
      validation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/manualblocks" failed, status code: 403, response: "Access requires permission: manualblocks.collection.get"%nvalidation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/manualblocks" failed, status code: 403, response: "Access requires permission: manualblocks.collection.get"
      

      Additional Information:

      Missing manualblocks.collection.get

      $ curl $OKAPI/bl-users/_self -H "X-Okapi-Token: $USER_TOKEN" -w'\n' -s | jq .permissions
      {
        "permissions": [
          "circulation.requests.instances.item.post"
        ]
      }
      
      $ curl "$OKAPI/circulation/requests/instances" -H "X-Okapi-Token: $USER_TOKEN" -XPOST -w'\n' -H "Content-Type: application/json" -d '{
        "pickupServicePointId": "0c0f46f7-89f3-4db7-b9cf-a2a856fd2c7c",
        "requestDate": "2020-07-13T10:56:00.000",
        "requesterId": "89dc78f0-72ea-4b5d-bda6-e58d305fa43c",
        "instanceId": "e4f286ff-79c3-47d3-81d9-5724be48cfc5",
        "requestExpirationDate": "2020-08-13T00:00:00.000"
      }'
      Failed to place a request for the instance. Reasons: 
      validation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/manualblocks" failed, status code: 403, response: "Access requires permission: manualblocks.collection.get"%nvalidation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/manualblocks" failed, status code: 403, response: "Access requires permission: manualblocks.collection.get"
      

      Missing automated-patron-blocks.collection.get

      $ curl $OKAPI/bl-users/_self -H "X-Okapi-Token: $USER_TOKEN" -w'\n' -s | jq .permissions{
        "permissions": [
          "circulation.requests.instances.item.post",
          "manualblocks.collection.get"
        ]
      }
      
      $ curl "$OKAPI/circulation/requests/instances" -H "X-Okapi-Token: $USER_TOKEN" -XPOST -w'\n' -H "Content-Type: application/json" -d '{  "pickupServicePointId": "0c0f46f7-89f3-4db7-b9cf-a2a856fd2c7c",
        "requestDate": "2020-07-13T10:56:00.000",
        "requesterId": "89dc78f0-72ea-4b5d-bda6-e58d305fa43c",
        "instanceId": "e4f286ff-79c3-47d3-81d9-5724be48cfc5",
        "requestExpirationDate": "2020-08-13T00:00:00.000"
      }'
      Failed to place a request for the instance. Reasons: 
      validation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/automated-patron-blocks/89dc78f0-72ea-4b5d-bda6-e58d305fa43c" failed, status code: 403, response: "Access requires permission: automated-patron-blocks.collection.get"%nvalidation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nHTTP request to "http://pvt.lb.gbf.folio-eis.us-east-1:9130/automated-patron-blocks/89dc78f0-72ea-4b5d-bda6-e58d305fa43c" failed, status code: 403, response: "Access requires permission: automated-patron-blocks.collection.get"
      

      Missing circulation-storage.request-batch.item.post

      $  curl$OKAPI/bl-users/_self -H "X-Okapi-Token: $USER_TOKEN" -w'\n' -s | jq .permissions
      {
        "permissions": [
          "circulation.requests.instances.item.post",
          "manualblocks.collection.get",
          "automated-patron-blocks.collection.get",
          "circulation-storage.request-batch.item.post"
        ]
      }
      
      $ curl "$OKAPI/circulation/requests/instances" -H "X-Okapi-Token: $USER_TOKEN" -XPOST -w'\n' -H "Content-Type: application/json" -d '{
        "pickupServicePointId": "7ca0f1f8-1008-4ef7-8c27-416dbacea583",
        "requestDate": "2020-07-13T10:56:00.000",
        "requesterId": "dabb9d8b-c91b-491f-890d-dc710c324c4e",
        "instanceId": "e4f286ff-79c3-47d3-81d9-5724be48cfc5",
        "requestExpirationDate": "2020-08-13T00:00:00.000"
      }'
      Failed to place a request for the instance. Reasons: 
      validation failure:
      reason: "Hold requests are not allowed for this patron and item combination", parameters: key: requestType, value: Hold%nvalidation failure:
      reason: "Recall requests are not allowed for this patron and item combination", parameters: key: requestType, value: Recall%nAccess requires permission: circulation-storage.request-batch.item.post%nvalidation failure:
      reason: "This requester already has an open request for this item", parameters: key: itemId, value: 4caaaa09-e3ab-445d-8f2c-235bf10d6fb8%nkey: requesterId, value: dabb9d8b-c91b-491f-890d-dc710c324c4e%nkey: requestId, value: 6e78a616-193a-47b7-ad93-cd36b9968f1f%nvalidation failure:
      reason: "This requester already has an open request for this item", parameters: key: itemId, value: 4caaaa09-e3ab-445d-8f2c-235bf10d6fb8%nkey: requesterId, value: dabb9d8b-c91b-491f-890d-dc710c324c4e%nkey: requestId, value: 6e78a616-193a-47b7-ad93-cd36b9968f1f%nvalidation failure:
      reason: "Page requests are not allowed for this patron and item combination", parameters: key: requestType, value: Page
      

      After adding those, it appears that one of those calls actually succeeded in creating the request because now I get an error saying "This requester already has an open request for an item of this instance"!

      $  curl$OKAPI/bl-users/_self -H "X-Okapi-Token: $USER_TOKEN" -w'\n' -s | jq .permissions
      {
        "permissions": [
          "circulation.requests.instances.item.post",
          "manualblocks.collection.get",
          "automated-patron-blocks.collection.get",
          "circulation-storage.request-batch.item.post"
        ]
      }
      
      $ curl "$OKAPI/circulation/requests/instances" -H "X-Okapi-Token: $USER_TOKEN" -XPOST -w'\n' -H "Content-Type: application/json" -d '{  "pickupServicePointId": "7ca0f1f8-1008-4ef7-8c27-416dbacea583",
        "requestDate": "2020-07-13T10:56:00.000",
        "requesterId": "dabb9d8b-c91b-491f-890d-dc710c324c4e",
        "instanceId": "e4f286ff-79c3-47d3-81d9-5724be48cfc5",
        "requestExpirationDate": "2020-08-13T00:00:00.000"
      }'
      {
        "errors" : [ {
          "message" : "This requester already has an open request for an item of this instance",
          "parameters" : [ {
            "key" : "itemId",
            "value" : "4caaaa09-e3ab-445d-8f2c-235bf10d6fb8"
          }, {
            "key" : "requesterId",
            "value" : "dabb9d8b-c91b-491f-890d-dc710c324c4e"
          }, {
            "key" : "instanceId",
            "value" : "e4f286ff-79c3-47d3-81d9-5724be48cfc5"
          } ]
        } ]
      }
      

      Using a different instance works with these permissions

      $ curl "$OKAPI/circulation/requests/instances" -H "X-Okapi-Token: $USER_TOKEN" -XPOST -w'\n' -H "Content-Type: application/json" -d '{
        "pickupServicePointId": "7ca0f1f8-1008-4ef7-8c27-416dbacea583",
        "requestDate": "2020-07-13T10:56:00.000",
        "requesterId": "dabb9d8b-c91b-491f-890d-dc710c324c4e",
        "instanceId": "d7a32b2a-9d02-47f3-9af3-08c37a52836f",
        "requestExpirationDate": "2020-08-13T00:00:00.000"
      }'
      {
        "id" : "bd9be3a7-3ac4-4b9c-a2e0-0b2c95f3a464",
        "requestType" : "Page",
        "requestDate" : "2020-07-13T10:56:00.000+0000",
        "requesterId" : "dabb9d8b-c91b-491f-890d-dc710c324c4e",
        "itemId" : "1b94b0dd-9b5c-4bab-8610-1abb44c11a35",
        "status" : "Open - Not yet filled",
        "item" : {
          "title" : "Non-stop /Brian W. Aldiss.",
          "barcode" : "16023373",
          "identifiers" : [ {
            "value" : "   78305278",
            "identifierTypeId" : "ddaf3d51-de81-4768-b1aa-a1e985d4e999"
          }, {
            "value" : "0330246380 :",
            "identifierTypeId" : "59378436-9645-4add-b05f-6afc69bdc8d0"
          }, {
            "value" : "(ICU)BID2673863",
            "identifierTypeId" : "2baf4cec-6abf-438b-abd0-a6c512c3c173"
          }, {
            "value" : "(OCoLC)4003039",
            "identifierTypeId" : "01ca9cda-7027-4d64-abed-9e3c4943daf2"
          } ],
          "holdingsRecordId" : "7779d831-c10d-403b-836d-e7ff423db794",
          "instanceId" : "d7a32b2a-9d02-47f3-9af3-08c37a52836f",
          "location" : {
            "name" : "UC/HP/JRL/Gen",
            "libraryName" : "Regenstein (JRL)",
            "code" : "UC/HP/JRL/Gen"
          },
          "contributorNames" : [ {
            "name" : "Aldiss, Brian W. (Brian Wilson), 1925-"
          } ],
          "status" : "Paged",
          "callNumber" : "PR6001.L5N8 1977",
          "callNumberComponents" : {
            "callNumber" : "PR6001.L5N8 1977"
          },
          "copyNumber" : "c.1"
        },
        "requester" : {
          "lastName" : "Abadie",
          "firstName" : "Zelda",
          "middleName" : "B",
          "barcode" : "0000027265",
          "patronGroupId" : "3474f19b-1a65-4314-9e22-6ff808164262"
        },
        "fulfilmentPreference" : "Hold Shelf",
        "requestExpirationDate" : "2020-08-13T00:00:00.000+0000",
        "pickupServicePointId" : "7ca0f1f8-1008-4ef7-8c27-416dbacea583",
        "metadata" : {
          "createdDate" : "2020-07-13T17:01:43.198+0000",
          "createdByUserId" : "8f16694f-1b30-4c6a-ac81-6353b79f5502",
          "updatedDate" : "2020-07-13T17:01:43.198+0000",
          "updatedByUserId" : "8f16694f-1b30-4c6a-ac81-6353b79f5502"
        },
        "position" : 1,
        "pickupServicePoint" : {
          "name" : "Beatrix Potter Library",
          "code" : "BPL",
          "discoveryDisplayName" : "BPL Service Desk",
          "description" : null,
          "shelvingLagTime" : 120,
          "pickupLocation" : true
        }
      }
      

      Interested parties:

      Anya N. Arnold magdaz

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                bohdan-suprun Bohdan Suprun
                cmcnally Craig McNally
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases