Angular client permission lookup broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
High
|
Unassigned | ||
3.3 |
Fix Released
|
High
|
Unassigned |
Bug Description
The Angular hasWorkPermHere() routine, when given a list of permissions, is meant to respond with a structure indicating whether or not the user has those permissions at their current workstation (or more precisely, at the OU associated with that workstation).
However, the check is broken and it ends up trying to compare a list of OUs that each permission is available at with the workstation _ID_, not the workstation's owning library. As a consequence, depending on the vagaries of the OU IDs and the workstation IDs, it may incorrectly report whether the user actually has the permission.
Interfaces that currently use this routine include:
- experimental staff catalog conjoined item editor
- experimental staff catalog parts editor
- experimental staff catalog hold placement override check
Evergreen 3.2+
Changed in evergreen: | |
status: | New → Confirmed |
assignee: | nobody → Bill Erickson (berick) |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
Setting importance to High no so much because of the current impact but because of the potential impact.