Override functionality allows the user to perform an action that should be otherwise blocked.
Currently, there's only one type of check-out override - when the item is not loanable, we can make a call to POST /circulation/override-check-out-by-barcode to override this block and create a loan. There is also an endpoint for overriding renewals of items that are not renewable, declared lost, aged to lost etc. (POST /circulation/override-renewal-by-barcode).
Users need to be able to apply different kinds of overrides in multiple steps. Specifically, override of patron blocks will be added ( - UXPROD-1130Getting issue details... STATUS ) as well as override of item blocks ( - UXPROD-2127Getting issue details... STATUS ). The desired check-out flow should look like this:
- During a check-out, the user should be able to override patron blocks first (right after the patron is selected) and then start checking out items to the selected patron.
- In case when any of the check-outs are blocked for reasons other than patron block (item is not loanable, item limit block etc.), the user makes decisions about overriding those blocks separately, but patron blocks should be overridden automatically (because it has been already decided on the previous step).
- If there are multiple blocks that prevent an item from being borrowed, the whole list of reasons why this item can't be checked out should be displayed. The user should be able to review and override all of them in one go (with the appropriate permissions, of course).
Proposed changes to mod-circulation
Get rid of the "override" endpoints.
These endpoints should be removed:
- POST /circulation/override-check-out-by-barcode
- POST /circulation/override-renewal-by-barcode
Endpoints that are responsible for regular borrowing, requests and renewals will also be responsible for overrides now:
- POST /circulation/check-out-by-barcode
- POST /circulation/renew-by-barcode
- POST /circulation/renew-by-id
- POST /circulation/requests
- PUT /circulation/requests
UI might need to make two calls to the same endpoint in order to complete the action. First - to get the list of overridable blocks, second - to override these block after user's decision.
Return full list of overridable blocks
Endpoints (1-5) should return a full list of blocks that have to be overridden in order for action to be completed. When checking for blocks these processes shouldn't fail immediately when they find the first block. They should check for all blocks instead and include the results in the response. Typically, in case of an error the response structure looks like this:
An error needs to be added to the errors field with parameter array containing:
- key: "overridableBlocks", value: comma-separated string
A list of blocks that need to be overridden in order to complete this action. If this is the only error returned by the server and there are no other parameters, the client will know that it is possible to complete this action by overriding existing blocks. Existence of other kinds of errors tells the client that it doesn't make sense to override these blocks.
- key: "missingOverridePermissions", value: comma-separated string (optional)
If there are overridableBlocks, server may also include a list of missing override permissions. The user won't be able to complete this action, but he or she may want to request permission escalation ( - UXPROD-2645Getting issue details... STATUS ) based on this information.
Expect a list of blocks that user wants to override
Request bodies of endpoints (1-5) need to include a list of blocks that the requester wants to override. New (optional) field should be added to JSON schemas:
List of the appropriate blocks and their parameters may be dependent on the endpoint.
In case when this parameter is included in the request, the server should override all of the specified blocks if the user has sufficient permissions.
Each overridable action will be associated with a user permission that is required in order to override this action. These permissions need to be part of permissionsDesired rather than permissionsRequired which will allow to handle them in the code. For example, new permissions for POST /circulation/check-out-by-barcode: