Evergreen

ACQ distribution formula PCRUD perms too strict, affects batch update

Bug #1463590 reported by Bill Erickson on 2015-06-09

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
Evergreen	Fix Released	Undecided	Unassigned	Evergreen 2.9-beta
2.7	Fix Released	Undecided	Unassigned	Evergreen 2.7.7
2.8	Fix Released	Undecided	Unassigned	Evergreen 2.8.3

Bug Description

Confirmed in Evergreen 2.8 and 2.5, likely affects all versions.

The PCRUD <retrieve> permission for distribution formulas (acq.distribution_formula) requires that staff creating purchase orders via the PO batch update bar (along the top of the PO page) using distribution formulas must have the ADMIN_ACQ_DISTRIB_FORMULA permission. This should be downgraded to CREATE_PURCHASE_ORDER so regular ACQ order staff can use them. Write operations should remain as-is.

Patch en route.

Tags:

Revision history for this message

Bill Erickson (berick) wrote on 2015-06-09:

Correction: The perm should not be downgrade, but augmented with the additional CREATE_PURCHASE_ORDER permission.

Revision history for this message

Bill Erickson (berick) wrote on 2015-06-09:

Fix pushed:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1463590-dist-form-pcrud-read-perms

tags:	added: pullrequest
Changed in evergreen:
milestone:	none → 2.next
milestone:	2.next → 2.8.2

Revision history for this message

Bill Erickson (berick) wrote on 2015-06-10:

Test plan:

1. Create at least one distribution formula w/ entries with an administrative account in the staff client then log out.
2. Login with an "Acquisitions" user (profile=6) to the staff client (e.g. br1mroberts in concerto)
3. Create a new purchase order or load a pending (pre-activated) purchase order for the same location at which the distribution formula exists.
4. The Distribution Formula selector in the batch update bar will be empty prior to applying this patch. With the patch, the formula will appear.

Evergreen Bug Maintenance (bugmaster) on 2015-06-18

Changed in evergreen:
milestone:	2.8.2 → 2.8.3
status:	New → Triaged

Revision history for this message

Ben Shum (bshum) wrote on 2015-08-19:

Picked to master and backported to rel_2_8 and rel_2_7. Thanks Bill, seems sane to me.

Changed in evergreen:
milestone:	2.8.3 → 2.9-beta
assignee:	Bill Erickson (berick) → nobody
status:	Triaged → Fix Committed

Evergreen Bug Maintenance (bugmaster) on 2015-09-17

Changed in evergreen:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.