Details
-
New Feature
-
Status: Closed (View Workflow)
-
P3
-
Resolution: Done
-
None
-
None
-
None
Description
At present, if the user has the settings.enabled permisson, then the Settings link is enabled – quite rightly – but then clicking on that link offers settings for each module, even when the user does not have permissions to use any of the module's settings.
We can fix this:
- Each module should define an additional permission, settings.NAME.enabled, and the <Settings> component should display the module's permissions only if this is defined.
- Each settings.NAME.enabled permission should include settings.enabled as a sub-permission.
- Each permission for a specific part of the settings (e.g. settings.usergroups.all in the ui-users module) should include the relevant module-wide settings permission (in this case settings.users.enabled).
Then users will see only those settings areas that they have permission to use some part of.
TestRail: Results
Attachments
Issue Links
- blocks
-
STCOR-72 stripes-core's Settings menu should only display a module's entry if relevant permission exists
-
- Closed
-
-
UICIRC-21 Permission Set for Loan Policy CRUD
-
- Closed
-
-
UIIT-38 Permission Set for Loan Type CRUD
-
- Closed
-
-
UIIT-39 Permission Set for Material Type CRUD
-
- Closed
-
-
UIU-130 Permission Set for Patron Group CRUD
-
- Closed
-
- is blocked by
-
UID-8 Add permission for developer settings
-
- Closed
-
- relates to
-
LIBAPP-151 Permissions: Can Create, Edit and Remove Permission Sets
-
- Closed
-
-
FOLIO-763 Top-to-bottom understanding of permissions
-
- Closed
-
-
STRIPES-469 Add permission-guards for each settings page
-
- Closed
-