Uploaded image for project: 'ui-eholdings'
  1. ui-eholdings
  2. UIEH-1231

Missing Permissions on upgrade from Juniper to Kiwi

    XMLWordPrintable

Details

    • eHoldings Sprint 133, Spitfire Sprint 134, Spitfire Sprint 135
    • 1
    • Spitfire
    • Kiwi (R3 2021) Hot Fix #2
    • Yes
    • Approved via release_bug_triage (2022-02-14)
    • Missing module permission

    Description

      Upgrade eHoldings from 6.1.1(Juniper) to 7.0.1(Kiwi) and "access-types", "root-proxy" and "usage-consolidation" are unusable in Settings-eHoldings. 

      We see the following requests failing with 403 due to missing permissions - 
      [https://okapi-{tenant}.folio.ebsco.com/eholdings/kb-credentials/80898dee-449f-44dd-9c8e-37d5eb469b1d/proxy-types

      https://okapi-bywater-demo.folio.ebsco.com/eholdings/kb-credentials/80898dee-449f-44dd-9c8e-37d5eb469b1d/proxy-types]

      fails with 403: kb-ebsco.kb-credentials.proxy-types.collection.get

      [https://okapi-{tenant}.folio.ebsco.com/eholdings/kb-credentials/80898dee-449f-44dd-9c8e-37d5eb469b1d/root-proxy

      https://okapi-bywater-demo.folio.ebsco.com/eholdings/kb-credentials/80898dee-449f-44dd-9c8e-37d5eb469b1d/root-proxy]

      fails with 403: kb-ebsco.kb-credentials.root-proxy.get

      https://okapi-{tenant}.folio.ebsco.com/eholdings/uc-credentials

      fails with 403: kb-ebsco.uc-credentials.item.get

      Please note that these are not visible from the UI to assign and should be module permissions

      If we compare the package.json between 6.1.1 and 7.0.1, we see that 6.1.1 has all permissions for kb-ebsco and tags https://github.com/folio-org/ui-eholdings/blob/v6.1.1/package.json#L133-L134 where as 7.0.1 restricted to certain permissions https://github.com/folio-org/ui-eholdings/blob/v7.0.1/package.json#L132-L151 but is missing the needed permissions mentioned above

      Please note that this is affecting all clients upgraded from Juniper-hotfix-4 to Kiwi-GA

       

      Test cases:

      1. Change testing
        1. Go to https://folio-snapshot.dev.folio.org/settings/eholdings
        2. Open network in devtools. Expectation in each step: there are not responses with 403 code
        3. Open and update Root proxy
        4. Revert changes in Root proxy
        5. Open and update Custom label
        6. Revert changes in Custom labels
        7. Add and delete Access status type
        8. Assign user and unassign the user after this
        9. Usage consolidation(see 404 error ""Usage Consolidation is not enabled for KB credentials with id"")
      2. Regression testing - not needed

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                Andrei Shumski2 Andrei Shumski
                sduvvuri Sobha Duvvuri
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases