Uploaded image for project: 'mod-inventory'
  1. mod-inventory
  2. MODINV-662

Fetching instance fails to respond with minimal permissions

    XMLWordPrintable

Details

    • Prokopovych - Sprint 136, Prokopovych - Sprint 137
    • 2
    • Prokopovych
    • Lotus (R1 2022) Bug Fix
    • Missing module permission

    Description

      Overview:

      Attempts to fetch a single instance fails (no response is received) when made with minimal permissions.

      Steps to Reproduce:

      1. Created a new user (using POST /users)
      2. Created new login credentials (using POST /authn/credentials)
      3. Created a permissions user, with only inventory.instances.item.get permission (using POST /perms/users)
      4. Login as new user (using POST /authn/login)
      5. Make request to any individual instance record (GET /inventory/instances/[id])

      The same can be done via the UI, however more permissions would be needed to navigate between apps and search, making it more likely the missing permission would be obscured.

      I can provide more details about the APIs involved if needed.

      Expected Results: Instance is fetched correctly

      Actual Results: No response is received at all
      URL: I used https://okapi-bugfest-lotus.int.aws.folio.org/inventory/instances/a3884a91-df9f-45c2-953c-24d0a51a9559 and {{https://folio-snapshot-2-okapi.dev.folio.org
      /inventory/instances/e54b1f4d-7d05-4b1a-9368-3c36b75d8ac6}} however this might not survive a rebuild.

      TestRail: Results

        Attachments

          Issue Links

            defines

            Task - A task that needs to be done. MODINV-676 Release 18.1.5

            • TBD - To be determined
            • Closed

            New Feature - New feature requests UXPROD-1564 Open order Wizard

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            New Feature - New feature requests UXPROD-3221 Thunderjet - Lotus Enhancements/Bugfixes

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            is duplicated by

            Bug - A problem which impairs or prevents the functions of the product. UIOR-954 Title look up does not retrieve data when user has only orders permissions

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Tech Debt - MODINV-677 Fetching multiple records in batches fails without responding when any request fails

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Open

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIOR-933 New Permission - "Orders: Approve purchase orders"

            • P4 - lowest priority level, nice-to have things that require future discussion and design
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIOR-963 Update Order Permission

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                dennisbridges Dennis Bridges
                Aliaksandr Aliaksandr_Lukashevich5
                Aliaksandr_Lukashevich5 Aliaksandr_Lukashevich5
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases