[Koha-bugs] [Bug 32971] New: Access to ERM module requires 'erm' permission and 'vendors_manage' acquisition sub-permission

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32971

            Bug ID: 32971
           Summary: Access to ERM module requires 'erm' permission and
                    'vendors_manage' acquisition sub-permission
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: In Discussion
          Severity: enhancement
          Priority: P5 - low
         Component: ERM
          Assignee: jonathan.druart+koha at gmail.com
          Reporter: pedro.amorim at ptfs-europe.com
                CC: jonathan.druart+koha at gmail.com,
                    jonathan.field at ptfs-europe.com,
                    martin.renvoize at ptfs-europe.com,
                    pedro.amorim at ptfs-europe.com, tomascohen at gmail.com
        Depends on: 32968

To reproduce:
- Enable ERMModule
- Login as a staff member that only has 2 permissions:
-- catalogue (required for staff login)
-- erm
- Access erm page, check the 403 forbidden error

This happens because ERM module is requesting the /api/v1/acquisitions/vendors
api endpoint which in turn requires the vendors_manage sub-permission (see
acquisitions_vendors.yaml).

If you enable the acquisition vendors_manage sub-permission for that user,
you're able to confirm that you can now access the ERM module as expected.

Ideally, having just the 'erm' permission should be enough to be granted access
to ERM.


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32968
[Bug 32968] Create granular permissions for ERM
-- 
You are receiving this mail because:
You are watching all bug changes.