Uploaded image for project: 'mod-inventory'
  1. mod-inventory
  2. MODINV-120

User cannot manage records with mod-inventory permissions only

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Done
    • None
    • 16.2.0
    • Core: F - Sprint 100
    • 2
    • Prokopovych

    Description

      For example, the definition of the "update an item" endpoint is following:

      {
  "methods": ["PUT"],
  "pathPattern": "/inventory/items/{id}",
  "permissionsRequired": ["inventory.items.item.put"],
  "modulePermissions": ["inventory-storage.items.item.put"]
}

      When user which has only inventory.items.item.put assigned (or inventory.all) tries to update an item, the operation fails with error:

      Access requires permission: inventory-storage.items.item.get

      okapi log contains a message like following:

      mod-authtoken-2.2.0-SNAPSHOT.44 SEVERE: ["inventory.items.item.put"](user permissions) nor ["inventory-storage.items.item.put"](module permissions) do not contain inventory-storage.items.collection.get

      This was discovered by mod-orders API tests in scope of MODORDERS-245

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODORDERS-245 Update API tests to use a user account with limited permissions

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                bohdan-suprun Bohdan Suprun
                piotr_kalashuk Piotr Kalashuk
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases