Uploaded image for project: 'mod-orders'
  1. mod-orders
  2. MODORDERS-292

Protect order approval with separate permission

    XMLWordPrintable

Details

    • Story
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Duplicate
    • None
    • 8.0.0
    • None
    • ACQ Sprint 71
    • Thunderjet

    Description

      Overview

      There's a new requirement to protect order approval with a separate assignable folio permission.

      Approach

      • Define a new permission orders.item.approve
      • Add that permission as a "permissionDesired" for the PUT /orders/composite-order/<id> endpoint.
      • In the implementation for that endpoint, validate the permission if the order is being approved (via inspecting X-Okapi-Permissions).
      • Return an appropriate error message/code if the required permission is missing.

      See the OKAPI guide for a description of "permissionDesired"

      Acceptance Criteria

      • ModuleDescriptor is updated
      • Implementation is updated
      • Unit tests are updated (Since we're enforcing permissions in this case we can actually test this in unit tests)
      • API tests are updated

      TestRail: Results

        Attachments

          Issue Links

            has to be done before

            New Feature - New feature requests OKAPI-1070 Check permission names during install

            • TBD - To be determined
            • Closed
            relates to

            New Feature - New feature requests UXPROD-1777 Ordering updates and fixes - Q3 2019

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODINVOICE-93 Approve invoice permission and require approval to mark as paid

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Open

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODORDERS-290 Enforce new setting: approval required to open orders

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODORDERS-291 Add approvedBy and approvalDate fields to purchase_order/composite_purchase_order

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. UIOR-235 Settings: require approval for orders to be opened

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                Unassigned Unassigned
                cmcnally Craig McNally
                Craig McNally Craig McNally
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases