ACQ+Vandelay permission improvements
Be more vigilant about enforcing permissions for various ACQ and
Vandelay actions.
1. Using vandelay to create new bib records now requres the IMPORT_MARC
permission (same as open-ils.cat.biblio.record.xml.import). If the
permission fails, the queued record will fail import and be stamped with
a new "import.record.perm_failure" vandelay import error.
2. Added suport for testing additional permissions before a new record
is created via vandelay. This allows interfaces leveraging vandelay
(e.g. ACQ) to create a higher barrier to entry. Added an ACQ perm
IMPORT_ACQ_LINEITEM_BIB_RECORD_UPLOAD that prevents users from creating
new bib records directly from the ACQ vendor MARC file upload interface.
The secondary permission is not meant as a security enhancement, per se,
since the user is required to have the IMPORT_MARC permission to get this
far in the process. It's more of a feature-specific precautionary
permission to prevent unintended record creation within certain
permission groups.
3. Checking the CREATE_PURCHASE_ORDER permission during the ACQ vendor
file upload process. It's absence appears to have been an oversight.
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Ben Shum <bshum@biblio.org>
- [D] Open-ILS/src/sql/Pg/upgrade/XXXX.schema.acq-vandelay-integration.sql