Create a new ADMIN_EDI permission
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Wishlist.
EDI account viewing and management are currently governed by the ADMIN_PROVIDER permission. This should be split off into its own permission, since EDI accounts contain login information that might not need to be as widely shared as the ability to create/manage providers.
Example: I might want my regional libraries to create their own providers, but I don't necessarily want them creating or viewing EDI account information.
An ADMIN_EDI permission could also govern deleting EDI messages. Right now there is a button in the autogenerated EDI Messages interface to delete EDI messages, which happens with no perm check (see bug 1863154). Having the ability to delete EDI messages *might* not be a bad thing, since that could possibly function as a "resend order" option (see bug 1218423). But I'd 100% want that to be governed by a perm.
Changed in evergreen: | |
importance: | Undecided → Wishlist |
Changed in evergreen: | |
status: | New → Confirmed |
tags: | added: acq-admin acq-edi |
I agree that ADMIN_EDI should be split out from ADMIN_PROVIDER, and am also in agreement that the ability to delete EDI messages on the staff side (rather than server side) should be implemented and also have its own permission.