No Permission Check When Opening Holdings Editor

Evergreen 3.9.1
Evergreen 3.10.1 (Jabok Library)
MOBIUS server

There is no longer an error message when a cataloger from another library attempts to change the circulation and owning libraries. The changes are saved and the item moves to the new "owning" library.

Also, anyone with the UPDATE_COPY can do this. Confirmed Circ1 and LocalAdmin also have the ability to change the owning/circ libraries on an item regardless of working location.

3.9.1 using Cat2

A Change Operator request does appear if I attempt to change anything other than the circulation/owning library attributes. Otherwise, the save goes through and the item is moved to its "new owner".

Evergreen Indiana has contacted with Equinox to produce a fix for this bug.

Something that was discussed at the Permissions Working Group yesterday:

An "Edit" link appears in the Call Number column in the Item Table for holdings records that staff members don't have permission to edit. This is similar bug #1920815, except for looking for UPDATE_VOLUME permissions at the appropriate depth. Basically, that edit link is appearing for other libraries' holdings, but it should probably be acting the same as the link to edit an item acts after the fix in #1920815 and only showing up if staff have the UPDATE_VOLUME permission at the appropriate depth.

I'm not sure when this was added; we upgraded from 3.7 to 3.11 earlier this month, so it's something that has been added in 3.8+

Andrea and Ruth, is fixing this within the scope of your contract? If not, I can report a separate bug.

Hi Dan - that's not in scope for what we're working on for Indiana. We're focusing on the Holdings Editor itself and not the Item Table.

I'd recommend a new bug for the Item Table.

Thanks, Andrea! I went to go report the bug and saw that it's already been reported as #2015112. Sorry about that!

I've created an omnibus bug for this and other improvements at
https://bugs.launchpad.net/evergreen/+bug/2061136