Restrict patron opt-in ... setting should be more restrictive

Bug #1757507 reported by Jason Boyer on 2018-03-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evergreen
Undecided
Unassigned

Bug Description

The OUS org.restrict_opt_to_depth is intended to restrict the ability for patrons to opt-in to locations outside of the specified depth at the OU where it's set. However, if org.patron_opt_boundary is set to a depth above those excluded OUs the restriction is ignored. This makes it extremely difficult to define the patron opt-in boundary at the consortium level while also restricting opt-in from specific locations. As a more practical example, you can't restrict sibling branches from opt-in to each other but only at one system while using the system level as the boundary everywhere else.

Jason Boyer (jboyer) on 2018-03-21
description: updated
description: updated
Jason Boyer (jboyer) wrote :

Here it is:
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jboyer/lp1757507-restrict-opt-in-for-real

It's simply a reordering of the existing tests but here's a simple way to test.

pre-patch
Set org.patron_boundary to 0 at the top of your consortium.
Set org.restrict_opt_to_depth to any level you like at a specific system level (or below) OU other than the one your workstation is in.
Search for a patron that should be at a restricted location.
Open user account and receive no notice of opt-in restriction.

post-patch:
Same as above but at final step you will be denied access to the patron's information because they can't be opted-in at your location.
Search for any user outside of the restricted area of the aou tree.
Open user account and receive no mention of opt-in.

tags: added: pullrequest
Changed in evergreen:
milestone: none → 3.next
Jason Boyer (jboyer) wrote :

While this patch addresses half of the issue, it doesn't actually address user search, so away goes the pullrequest tag. Will try to figure out how to make that all work out.

tags: removed: pullrequest
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers