[MODDATAIMP-942] [Poppy] Add missing permissions #309
Conversation
| @@ -68,8 +68,6 @@ invoice-storage.invoices.item.put | |||
| invoice-storage.invoice-lines.item.post | |||
| invoice-storage.invoice-lines.item.put | |||
| invoice-storage.invoice-lines.collection.get | |||
| acquisitions-units.units.collection.get | |||
| acquisitions-units.memberships.collection.get | |||
There was a problem hiding this comment.
These were duplicated elsewhere in the file
|
Kudos, SonarCloud Quality Gate passed!
|
| @@ -101,3 +99,6 @@ instance-authority-links.instances.collection.get | |||
| instance-authority-links.instances.collection.put | |||
| instance-authority.linking-rules.collection.get | |||
| user-tenants.collection.get | |||
| organizations.organizations.collection.get | |||
| invoices.acquisitions-units-assignments.assign | |||
There was a problem hiding this comment.
it seems that for the data-import system user we should not add this permission as well because data import processes initiated by all other users will be provided with this permission, regardless of whether a user starting the import process has this permission or not.
There was a problem hiding this comment.
I'm not sure what to do, then, since the data import system user operates on the user's behalf to process jobs. Anything the user can do the system user must be able to do
There was a problem hiding this comment.
I haven't come to some solution, but might be we can consider approach of saving "X-Okapi-Permissions" header of the initial user along with the DataImportQueueItem (or smth like that) in the DB. This way, the header could be passed further through Kafka headers and be used by the logic that determines whether the user has this specific permission during invoice creation.
|
See #311 |
Jira MODDATAIMP-942
Poppy version of #310
Purpose
A couple straggling permissions needed to be added for full DI functionality: