Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Librarian permissions are too large on other librarian records #930

Closed
pronguen opened this issue Apr 15, 2020 · 0 comments · Fixed by rero/rero-ils-ui#284
Closed

Librarian permissions are too large on other librarian records #930

pronguen opened this issue Apr 15, 2020 · 0 comments · Fixed by rero/rero-ils-ui#284
Labels
f: permissions Concerns the rights management
Milestone
v0.10.0

Comments

@pronguen
Copy link
Contributor

pronguen commented Apr 15, 2020
edited
Loading

Describe the issue
As a normal librarian, I can give librarian or system librarian authorisations to a patron, for another library than my own.

To Reproduce

  1. Log in a as a librarian (not a system librarian)
  2. Edit a user who has only the patron role
  3. Add him the librarian role for another library
    1.1 See that it is possible
  4. Add him the system librarian role
    1.1 See that it is possible

Expected behavior
It should not be possible, as a normal librarian, to

  1. give librarian authorisations to a patron for another library than his own.
  2. give system librarian authorisations to anyone

Software version
ils.test.rero.ch (v0.7.0)
ilspilot (test, phase 1)
@iGormilhit iGormilhit added f: permissions Concerns the rights management pilot libraries labels May 14, 2020
@iGormilhit iGormilhit added this to the v0.10.0 milestone May 14, 2020
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 17, 2020
@zannkukai
authorization: limit roles management using API
a82db7f 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
@zannkukai zannkukai mentioned this issue Jun 17, 2020
Merged
7 tasks
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 17, 2020
@zannkukai
authorization: limit roles management using API
1b8718b 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 18, 2020
@zannkukai
authorization: limit roles management using API
a0c990c 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
@iGormilhit iGormilhit changed the title Give librarian authorisations Librarian permissions are too large on other librarian records Jun 18, 2020
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 24, 2020
@zannkukai
authorization: limit roles management using API
b885e19 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 24, 2020
@zannkukai
authorization: limit roles management using API
95e45a4 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field.

If the current user has only the librarian role, then the library field
from the patron form editor will be disabled.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
zannkukai added a commit to zannkukai/rero-ils-ui that referenced this issue Jun 25, 2020
@zannkukai
authorization: limit fields on Patron form
0a1034c 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field into the Patron form.

If the current user has only the librarian role, then the library field
from the patron form editor will be disabled and set by default to the
current library from the current logged user.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
zannkukai added a commit to rero/rero-ils-ui that referenced this issue Jun 25, 2020
@zannkukai
authorization: limit fields on Patron form
4161cb5 
This commit restricts the role management for patrons using the role
management API. Depending of the API result, some roles could be
disabled into the role field into the Patron form.

If the current user has only the librarian role, then the library field
from the patron form editor will be disabled and set by default to the
current library from the current logged user.

- Closes rero/rero-ils#930

Co-authored_by: Renaud Michotte <renaud.michotte@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
f: permissions Concerns the rights management
Projects
None yet
Milestone
v0.10.0
Development

Successfully merging a pull request may close this issue.

authorization: limit roles management using API zannkukai/rero-ils-ui
2 participants
@iGormilhit @pronguen