[Bug 41550] New: Add Koha::Role object
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Bug ID: 41550 Summary: Add Koha::Role object Initiative type: --- Sponsorship --- status: Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: lisette@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org For RBAC -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=41549 CC| |martin.renvoize@openfifth.c | |o.uk Blocks| |20813 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 [Bug 20813] Revamp user permissions system -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #1 from Lisette Scheer <lisette@bywatersolutions.com> --- Make the object, create deafult system roles, add admin ui for role management -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |41551 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41551 [Bug 41551] Build migration tool for new permissions -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |38137 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38137 [Bug 38137] Refactor Auth to check the new Koha::Permissions and Koha::Roles objects -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com --- Comment #2 from Jonathan Druart <jonathan.druart@gmail.com> --- I would suggest to group the different new modules under the same namespace. Koha::Role is too generic. Examples: Koha::Auth::Permissions Koha::Auth::Roles or Koha::AccessControl::Permissions Koha::AccessControl::Roles -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Add Koha::Role object |Add | |Koha::AccessControl::Role | |object -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #3 from Lisette Scheer <lisette@bywatersolutions.com> --- *** Bug 38063 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 Lisette Scheer <lisette@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|20813, 41551 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20813 [Bug 20813] Revamp user permissions system https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41551 [Bug 41551] Build migration tool for new permissions -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #4 from Lisette Scheer <lisette@bywatersolutions.com> --- Add the objects, api, update the patron object to check for roles, permissions using this new model The spec for the work we're planning is linked on 20813 now, I'm trying to put relevant information from it on each bug. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #5 from Lisette Scheer <lisette@bywatersolutions.com> --- Roles would stack, so the most permissive role would override less permissive roles beneath and you can set a role to inherit permissions from another role, rather than recreating all the permissions for role A if role B is all of role A+extra permissions Predefined System Roles (just a starting point, though might be good to do one/full checkbox with subpermissions that currently exists so we could port to those?) These would be imported but only assigned if the existing permissions are a full match (if possible, since not everything has scopes right now) 1. Superlibrarian Description: Full system access Permissions: *:*:* (all permissions) 2. Circulation Staff Description: Front desk circulation operations Permissions: patrons:read:own_library patrons:update:own_library (limited fields) checkouts:create:own_library checkouts:delete:own_library (checkin) holds:create:own_library holds:read:own_library holds:update:own_library fines:read:own_library fines:create:own_library restrictions:read:own_library 3. Circulation Manager Description: Circulation management + overrides Inherits: Circulation Staff Additional Permissions: patrons:create:own_library patrons:delete:own_library checkouts:force:own_library checkouts:override:own_library fines:writeoff:own_library fines:refund:own_library restrictions:create:own_library restrictions:delete:own_library 4. Cataloger Description: Cataloging and item management Permissions: biblios:create:any biblios:read:any biblios:update:any items:create:own_library items:read:any items:update:own_library items:delete:own_library authorities:read:any authorities:update:any 5. Cataloging Manager Description: Full cataloging control Inherits: Cataloger Additional Permissions: biblios:delete:any items:batch_modify:any items:batch_delete:any authorities:create:any authorities:delete:any frameworks:update:none 6. Acquisitions Staff Description: Order and receive materials Permissions: vendors:read:none budgets:read:own baskets:create:own baskets:read:own_library baskets:update:own orders:create:own orders:read:own_library orders:receive:own_library invoices:read:own_library 7. Acquisitions Manager Description: Budget and vendor management Inherits: Acquisitions Staff Additional Permissions: vendors:create:none vendors:update:none budgets:manage:library_group baskets:delete:own_library orders:delete:own_library invoices:create:own_library invoices:update:own_library 8. Reports User Description: Run existing reports Permissions: reports:read:any reports:execute:own (only own reports) 9. Reports Manager Description: Create and manage all reports Permissions: reports:create:own reports:read:any reports:update:own reports:delete:own reports:execute:any 10. System Administrator Description: System configuration (not all-powerful) Permissions: system_preferences:read:none system_preferences:update:none libraries:manage:any circ_rules:manage:any marc_frameworks:manage:none patron_categories:manage:none staff_users:manage:any roles:manage:system 11. Branch Manager Description: Full control of own library Permissions: patrons:manage:own_library checkouts:manage:own_library holds:manage:own_library items:manage:own_library fines:manage:own_library staff_users:create:own_library staff_users:update:own_library reports:execute:any 12. Self-Check User (Special) Description: Kiosk/automated patron Permissions: checkouts:create:own_library checkouts:read:own (only own checkouts) holds:read:own -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #6 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Will it be possible to create your own roles? And see what permissions a role includes? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- I wonder if we want to steer clear of the words "System Administrator", because to me "System Administrator" should be all powerful. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #8 from Lisette Scheer <lisette@bywatersolutions.com> --- Katrin, yes, the plan is to be able to make your own roles, these would be the prebuilt ones and the UI should show the permissions (plus reporting should be much easier to see what permissions folks have with the new/updates to tables) for each role. David, I can definitely see that. Maybe just "Administrator" or something? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41550 --- Comment #9 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Thanks for the quick reply, Lisette! -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org