Uploaded image for project: 'mod-orders'
  1. mod-orders
  2. MODORDERS-244

Missing module permission for getting contributor-name-types

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: P2
    • Resolution: Done
    • Affects Version/s: 5.0.0
    • Fix Version/s: 6.0.0
    • Labels:
    • Environment:

      folio-snapshot

    • Template:
    • Sprint:
      ACQ Sprint 64
    • Story Points:
      1
    • Development Team:
      Thunderjet

      Description

      Overview:
      It appears that we're missing a module permission for the following endpoints:

      POST /orders/composite-orders
      PUT /orders/composite-orders/<id>

      Missing permission: inventory-storage.contributor-name-types.collection.get

      This appears to have been introduced by MODORDERS-204 (PR)

      Reproducer:
      Originally discovered while placing orders from GOBI via mod-gobi using an institutional user w/ limited permissions (gobi.all)

      $ curl 'https://folio-snapshot.aws.indexdata.com:8000/orders?type=GOBI' \
      >   -H 'Authorization: apikey eyJzIjoiNXNlNGdnbXk1TiIsInQiOiJkaWt1IiwidSI6ImRpa3UifQ==' \
      >   -H 'Content-Type: application/xml' \
      >   -XPOST \
      >   -d '<PurchaseOrder>
      >   <CustomerDetail>
      >     <BaseAccount>8910</BaseAccount>
      >     <SubAccount>891010</SubAccount>
      >   </CustomerDetail>
      >   <Order>
      >     <ListedPrintMonograph>
      >       <collection>
      >         <record>
      >           <leader>00000nam a2200000u  4500</leader>
      >           <controlfield tag="001">99974828471</controlfield>
      >           <controlfield tag="003">NhCcYBP</controlfield>
      >           <controlfield tag="005">20180905153857.0</controlfield>
      >           <controlfield tag="008">180905t20112011xx ||||||||||||||   eng d</controlfield>
      >           <datafield tag="020" ind1=" " ind2=" ">
      >             <subfield code="a">9780547572482</subfield>
      >             <subfield code="c">14.95</subfield>
      >           </datafield>
      >           <datafield tag="035" ind1=" " ind2=" ">
      >             <subfield code="a">(OCoLC)717297695</subfield>
      >           </datafield>
      >           <datafield tag="100" ind1="1" ind2=" ">
      >             <subfield code="a">DICK, PHILIP K</subfield>
      >           </datafield>
      >           <datafield tag="245" ind1="1" ind2="0">
      >             <subfield code="a">MAN IN THE HIGH CASTLE.</subfield>
      >           </datafield>
      >           <datafield tag="260" ind1=" " ind2=" ">
      >             <subfield code="a">BOSTON</subfield>
      >             <subfield code="b">MARINER BOOKS</subfield>
      >             <subfield code="c">2011</subfield>
      >           </datafield>
      >         </record>
      >       </collection>
      >       <OrderDetail>
      >         <FundCode>USHIST</FundCode>
      >         <Location>KU/CC/DI/A</Location>
      >         <Quantity>2</Quantity>
      >         <YBPOrderKey>99974828471</YBPOrderKey>
      >         <OrderPlaced>2018-09-05T15:38:55</OrderPlaced>
      >         <Initials>Mark</Initials>
      >         <ListPrice>
      >           <Amount>14.95</Amount>
      >           <Currency>USD</Currency>
      >         </ListPrice>
      >         <NetPrice>
      >           <Amount>13.16</Amount>
      >           <Currency>USD</Currency>
      >         </NetPrice>
      >         <LocalData>
      >           <Description>LocalData1</Description>
      >           <Value>Book</Value>
      >         </LocalData>
      >         <LocalData>
      >           <Description>LocalData2</Description>
      >           <Value>Notify requester upon receipt</Value>
      >         </LocalData>
      >         <LocalData>
      >           <Description>LocalData3</Description>
      >           <Value>Anne Esterhazy</Value>
      >         </LocalData>
      >         <LocalData>
      >           <Description>LocalData4</Description>
      >           <Value>signed-edition,vip-order</Value>
      >         </LocalData>
      >       </OrderDetail>
      >     </ListedPrintMonograph>
      >   </Order>
      > </PurchaseOrder>'
      <?xml version='1.0' encoding='UTF-8'?>
      <Response>
        <Error>
          <Code>INTERNAL_SERVER_ERROR</Code>
          <Message>Failed to convert FOLIO response to XML</Message>
        </Error>
      </Response>
      

      Log snippet:

      3:33:27.133 [vert.x-eventloop-thread-0] ERROR org.folio.rest.impl.InventoryHelper - Exception calling GET /contributor-name-types?query=name==Personal+name
      java.util.concurrent.CompletionException: org.folio.orders.rest.exceptions.HttpException: Access requires permission: inventory-storage.contributor-name-types.collection.get
          at org.folio.orders.utils.HelperUtils.verifyAndExtractBody(HelperUtils.java:81) ~[mod-orders-fat.jar:?]
          at org.folio.orders.utils.HelperUtils.lambda$handleGetRequest$21(HelperUtils.java:798) ~[mod-orders-fat.jar:?]
          at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) ~[?:1.8.0_181]
          at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577) ~[?:1.8.0_181]
          at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474) ~[?:1.8.0_181]
          at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962) ~[?:1.8.0_181]
          at org.folio.rest.tools.client.HTTPJsonResponseHandler.lambda$1(HTTPJsonResponseHandler.java:67) ~[mod-orders-fat.jar:?]
      ...elided ...
      

      N.B. Beware that these values are cached, so if you have opened an order w/ a contributor of the type you're using, it will be cached for the tenant and subsequent orders opened for that tenant will not need to call the contributor-name-types endpoint. In this case the problem will not be evident.

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                siarhei_hrabko Siarhei Hrabko
                Reporter:
                cmcnally Craig McNally
                Tester Assignee:
                Siarhei Hrabko Siarhei Hrabko
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases