Details
-
Bug
-
Status: Closed (View Workflow)
-
TBD
-
Resolution: Done
-
None
-
CP: sprint 141, CP: sprint 142, CP: sprint 143, CP: sprint 144, CP: Sprint 145, CP Sprint 146
-
0
-
Core: Platform
-
Nolana (R3 2022)
-
TBD
Description
This story is to collect feedback and reassess the use of bulk DELETE endpoints - specifically these -
/inventory/items
/inventory/instances
/instance-storage/instances
/holdings-storage/holdings
/item-storage/items
In our experience, often librarians accidentally deleted all of their items and instances using the above endpoints raising several panic alarms and hosting having to restore the data. We looked into controlling the use of these endpoints using permissions but it gets difficult since permissions to these endpoints are part of the visible permission set
"inventory.all" which is a visible permission.
For Example: Library staff recently wiped out their items making the API request below -
DELETE /mod-inventory-storage/item-storage/items?query=barcode==999999999999999
Side note: The API documentation is not screaming out loud either that these bulk delete endpoints should be used with caution.
Actual Results:
These endpoints are causing unexpected trouble
Expected Results:
Group weighs in on whether these endpoints are needed and how to make access more strict if these endpoints are absolutely needed.
TestRail: Results
Attachments
Issue Links
- blocks
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
MODINVSTOR-576
Bulk delete of instance/holdings/items using CQL
-
- Closed
-