Evergreen

Add an "override opt-in" permission for searching for users across an instance

Bug #1030995 reported by Dan Scott on 2012-07-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Evergreen	Triaged	Wishlist	Unassigned

Bug Description

* Evergreen master

Something like http://git.evergreen-ils.org/?p=contrib/Conifer.git;a=commit; h=29f324d329a52cdb2a78dd1193f17a1781f44d45 is required for API calls that need to operate
against a number of libraries in a given instance that are using opt-in; otherwise, attempts to search for users will fail and you may end up creating near-duplicates etc.

The implementation adds an open-ils.actor.search.patron.advanced.opt_in_override method to open-ils.actor, which, if invoked, checks to see if the caller has the OPT_IN_OVERRIDE permission. If so, then the crazy_search ignores the normal opt-in limits and searches all pertinent users in the database.

As a global permission, OPT_IN_OVERRIDE is a blunt instrument. Others might want to put together a more refined version that uses OU depths to define boundaries.

We've been using this in production for almost a year now, so that we can automatically create Evergreen accounts when a new account is added to our LDAP directory.

Tags:

Dan Scott (denials) on 2012-07-30

Changed in evergreen:
importance:	Undecided → Wishlist

Jason Stephenson (jstephenson) on 2012-12-12

Changed in evergreen:
status:	New → Incomplete

Jason Stephenson (jstephenson) on 2012-12-12

Changed in evergreen:
status:	Incomplete → Triaged

Andrea Neiman (aneiman) on 2017-07-19

tags:

added: permissions

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.