Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MODDATAIMP-942] [Orchid] Add missing permissions #310

Closed
wants to merge 2 commits into from
Closed

[MODDATAIMP-942] [Orchid] Add missing permissions #310

wants to merge 2 commits into from

Conversation

ncovercash
Copy link
Member

@ncovercash ncovercash commented Oct 23, 2023
edited
Loading

Jira MODDATAIMP-942

Orchid version of #309

Purpose

A couple straggling permissions needed to be added for full DI functionality:

  • Needed for EDITFACT imports with acquisition units (see FAT-1470)
    • invoices.acquisitions-units-assignments.assign
    • invoices.acquisitions-units-assignments.manage
  • Part of mod-entities-links and potentially user creation/update
    • user-tenants.collection.get

@ncovercash ncovercash changed the base branch from master to release/2023_R1_v2.7.0_Orchid October 23, 2023 13:34
ncovercash
ncovercash commented Oct 23, 2023
View reviewed changes
src/main/resources/permissions.txt
@@ -68,8 +68,6 @@ invoice-storage.invoices.item.put
invoice-storage.invoice-lines.item.post
invoice-storage.invoice-lines.item.put
invoice-storage.invoice-lines.collection.get
acquisitions-units.units.collection.get
acquisitions-units.memberships.collection.get
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicated elsewhere in the file

@ncovercash ncovercash marked this pull request as ready for review October 23, 2023 13:36
@ncovercash ncovercash requested review from KaterynaSenchenko and a team October 23, 2023 13:37
@ncovercash ncovercash mentioned this pull request Oct 23, 2023
Closed
RuslanLavrov
RuslanLavrov reviewed Oct 23, 2023
View reviewed changes
descriptors/ModuleDescriptor-template.json Outdated
"instance-authority-links.instances.collection.put",
"user-tenants.collection.get",
"organizations.organizations.collection.get",
"invoices.acquisitions-units-assignments.assign",
Copy link
Contributor

@RuslanLavrov RuslanLavrov Oct 23, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as far as I know, we should not add this permission here, since this permission is optional and a user assigned to a particular acquisition unit should be provided with it. If this permission is added here, the user who is not supposed to be provided with this permission will receive it.
It seems that "user-tenants.collection.get" permission is required for consortium-related functionalities (ECS) that have been introduced only in Poppy, so this permission should not be added for the Orchid release.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please, remove "user-tenants.collection.get" permission here as well since it is needed by consortium-related functionality that is not present in Orchid release

@sonarcloud
Copy link

sonarcloud bot commented Oct 23, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

warning The version of Java (11.0.20.1) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
Read more here

@ncovercash
Copy link
Member Author

See #312

@ncovercash ncovercash closed this Oct 27, 2023
@RuslanLavrov RuslanLavrov mentioned this pull request Oct 27, 2023
Merged
@KaterynaSenchenko KaterynaSenchenko deleted the moddataimp-942-orchid branch November 8, 2023 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KaterynaSenchenko KaterynaSenchenko KaterynaSenchenko approved these changes

@RomanChernetskyi RomanChernetskyi Awaiting requested review from RomanChernetskyi

@RuslanLavrov RuslanLavrov Awaiting requested review from RuslanLavrov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ncovercash @KaterynaSenchenko @RuslanLavrov