[Quality Management] Improve Permissions

src/Apps/W1/Quality Management/Test Library/src/QltyInspectionUtility.Codeunit.al

@@ -54,15 +54,15 @@ codeunit 139940 "Qlty. Inspection Utility"
         LibraryUtility: Codeunit "Library - Utility";
         NoSeriesCodeunit: Codeunit "No. Series";
         DefaultResult2PassCodeLbl: Label 'PASS', Locked = true;
-        SupervisorRoleIDTok: Label 'QltyMngmnt - Edit', Locked = true;
+        AdminSupervisorRoleIDTok: Label 'QltyMngmnt - Admin', Locked = true;
 
     internal procedure EnsureSetupExists()
     var
         QltyAutoConfigure: Codeunit "Qlty. Auto Configure";
         UserPermissionsLibrary: Codeunit "User Permissions Library";
     begin
         QltyAutoConfigure.EnsureBasicSetupExists(false);
-        UserPermissionsLibrary.AssignPermissionSetToUser(UserSecurityId(), SupervisorRoleIDTok);
+        UserPermissionsLibrary.AssignPermissionSetToUser(UserSecurityId(), AdminSupervisorRoleIDTok);
     end;
 
     internal procedure CreateABasicTemplateAndInstanceOfAInspection(var OutCreatedQltyInspectionHeader: Record "Qlty. Inspection Header"; var OutQltyInspectionTemplateHdr: Record "Qlty. Inspection Template Hdr.")

src/Apps/W1/Quality Management/app/src/AccessControl/QltyPermissionMgmt.Codeunit.al

@@ -28,7 +28,7 @@ codeunit 20406 "Qlty. Permission Mgmt."
         ActionChangeItemTrackingLbl: Label 'change item tracking';
         ActionChangeSourceQuantityLbl: Label 'change source quantity';
         ActionEditLineCommentLbl: Label 'edit line note/comment';
-        SupervisorRoleIDTxt: Label 'QltyMngmnt - Edit', Locked = true;
+        AdminSupervisorRoleIDTxt: Label 'QltyMngmnt - Admin', Locked = true;
         UserDoesNotHavePermissionToErr: Label 'The user [%1] does not have permission to [%2].', Comment = '%1=User id, %2=permission being attempted';
 
     /// <summary>
@@ -64,7 +64,7 @@ codeunit 20406 "Qlty. Permission Mgmt."
     /// <returns>True if the user can change other users' inspections; otherwise, false.</returns>
     internal procedure CanChangeOtherInspections(): Boolean
     begin
-        exit(HasSupervisorRole());
+        exit(HasAdminSupervisorRole());
     end;
 
     /// <summary>
@@ -90,10 +90,22 @@ codeunit 20406 "Qlty. Permission Mgmt."
     /// </summary>
     internal procedure VerifyCanReopenInspection()
     begin
-        if not CanModifyTableData(Database::"Qlty. Inspection Header") then
+        if not CanReopenInspection() then
             Error(UserDoesNotHavePermissionToErr, UserId(), ActionReopenInspectionLbl);
     end;
 
+    /// <summary>
+    /// Checks if the current user can reopen an inspection.
+    /// </summary>
+    /// <returns>True if the user can reopen an inspection; otherwise, false.</returns>
+    local procedure CanReopenInspection(): Boolean
+    begin
+        if not CanModifyTableData(Database::"Qlty. Inspection Header") then
+            exit(false);
+
+        exit(HasAdminSupervisorRole());
+    end;
+
     /// <summary>
     /// Verifies the current user can delete an open inspection. Throws an error if not permitted.
     /// </summary>
@@ -121,7 +133,7 @@ codeunit 20406 "Qlty. Permission Mgmt."
         if not CanDeleteTableData(Database::"Qlty. Inspection Header") then
             exit(false);
 
-        exit(HasSupervisorRole());
+        exit(HasAdminSupervisorRole());
     end;
 
     /// <summary>
@@ -160,7 +172,7 @@ codeunit 20406 "Qlty. Permission Mgmt."
         if not CanModifyTableData(Database::"Qlty. Inspection Header") then
             exit(false);
 
-        exit(HasSupervisorRole());
+        exit(HasAdminSupervisorRole());
     end;
 
     /// <summary>
@@ -195,15 +207,15 @@ codeunit 20406 "Qlty. Permission Mgmt."
     end;
 
     #region Verify Permissions
-    local procedure HasSupervisorRole() IsAssigned: Boolean
+    local procedure HasAdminSupervisorRole() IsAssigned: Boolean
     var
         UserPermissions: Codeunit "User Permissions";
         CurrentExtensionModuleInfo: ModuleInfo;
     begin
-        IsAssigned := HasUserPermissionSetDirectlyAssigned(UserSecurityId(), SupervisorRoleIDTxt);
+        IsAssigned := HasUserPermissionSetDirectlyAssigned(UserSecurityId(), AdminSupervisorRoleIDTxt);
         if not IsAssigned then
             if NavApp.GetCurrentModuleInfo(CurrentExtensionModuleInfo) then
-                IsAssigned := UserPermissions.HasUserPermissionSetAssigned(UserSecurityId(), CompanyName(), SupervisorRoleIDTxt, 0, CurrentExtensionModuleInfo.Id());
+                IsAssigned := UserPermissions.HasUserPermissionSetAssigned(UserSecurityId(), CompanyName(), AdminSupervisorRoleIDTxt, 0, CurrentExtensionModuleInfo.Id());
         if not IsAssigned then
             IsAssigned := UserPermissions.IsSuper(UserSecurityId());
     end;

src/Apps/W1/Quality Management/app/src/Document/QltyInspectionHeader.Table.al

@@ -34,7 +34,8 @@ table 20405 "Qlty. Inspection Header"
     DrillDownPageId = "Qlty. Inspection List";
     LookupPageId = "Qlty. Inspection List";
     DataClassification = CustomerContent;
-    Permissions = tabledata "Qlty. Inspection Line" = d;
+    Permissions = tabledata "Qlty. Inspection Line" = d,
+                  tabledata "Qlty. I. Result Condit. Conf." = d;
 
     fields
     {

src/Apps/W1/Quality Management/app/src/Document/QltyInspectionLine.Table.al

@@ -22,6 +22,7 @@ table 20406 "Qlty. Inspection Line"
     LookupPageId = "Qlty. Inspection Lines";
     DrillDownPageId = "Qlty. Inspection Lines";
     DataClassification = CustomerContent;
+    Permissions = tabledata "Qlty. I. Result Condit. Conf." = d;
 
     fields
     {

src/Apps/W1/Quality Management/app/src/Permissions/AdministratorQltyMngmnt.PermissionSetExt.al

@@ -8,5 +8,5 @@ using System.Security.AccessControl;
 
 permissionsetextension 20402 "Administrator - QltyMngmnt" extends "Administrator"
 {
-    IncludedPermissionSets = "QltyMngmnt - Edit";
+    IncludedPermissionSets = "QltyMngmnt - Admin";
 }

src/Apps/W1/Quality Management/app/src/Permissions/D365BasicQltyMngmnt.PermissionSetExt.al → src/Apps/W1/Quality Management/app/src/Permissions/D365BasicIsvQltyMngmnt.PermissionSetExt.al

@@ -6,7 +6,7 @@ namespace Microsoft.QualityManagement.Permissions;
 
 using System.Security.AccessControl;
 
-permissionsetextension 20400 "D365 BASIC - QltyMngmnt" extends "D365 BASIC"
+permissionsetextension 20400 "D365 BASIC ISV - QltyMngmnt" extends "D365 BASIC ISV"
 {
-    IncludedPermissionSets = "QltyMngmnt - Edit";
+    IncludedPermissionSets = "QltyMngmnt - Admin";
 }

src/Apps/W1/Quality Management/app/src/Permissions/D365BusFullAccessQltyMngmnt.PermissionSetExt.al

@@ -8,5 +8,5 @@ using System.Security.AccessControl;
 
 permissionsetextension 20401 "D365 BUS FULL ACCESS - QltyMngmnt" extends "D365 BUS FULL ACCESS"
 {
-    IncludedPermissionSets = "QltyMngmnt - Edit";
+    IncludedPermissionSets = "QltyMngmnt - Admin";
 }

src/Apps/W1/Quality Management/app/src/Permissions/QltyMngmntEdit.PermissionSet.al → src/Apps/W1/Quality Management/app/src/Permissions/QltyMngmntAdmin.PermissionSet.al

@@ -18,9 +18,11 @@ using Microsoft.QualityManagement.Workflow;
 /// <summary>
 /// Used for administering Quality Management and supervising Quality Inspections.
 /// </summary>
-permissionset 20405 "QltyMngmnt - Edit"
+#pragma warning disable AS0125
+#pragma warning disable AS0090
+permissionset 20405 "QltyMngmnt - Admin"
 {
-    Caption = 'Quality Management - Full edit access';
+    Caption = 'Quality Management - Administrator';
     Access = Public;
     Assignable = true;
 
@@ -43,3 +45,5 @@ permissionset 20405 "QltyMngmnt - Edit"
         tabledata "Qlty. Inspection Header" = RIMD,
         tabledata "Qlty. Inspection Line" = RIMD;
 }
+#pragma warning restore AS0090
+#pragma warning restore AS0125

src/Apps/W1/Quality Management/app/src/Permissions/QltyMngmntInspector.PermissionSet.al

@@ -10,7 +10,6 @@ using Microsoft.QualityManagement.Configuration.SourceConfiguration;
 using Microsoft.QualityManagement.Configuration.Template;
 using Microsoft.QualityManagement.Configuration.Template.Test;
 using Microsoft.QualityManagement.Document;
-using Microsoft.QualityManagement.Integration.Inventory.Transfer;
 using Microsoft.QualityManagement.RoleCenters;
 using Microsoft.QualityManagement.Setup;
 using Microsoft.QualityManagement.Workflow;
@@ -27,20 +26,19 @@ permissionset 20404 QltyMngmntInspector
     IncludedPermissionSets = "QltyMngmnt - Objects";
 
     Permissions =
-        tabledata "Qlty. Workflow Config. Value" = RIMD,
-        tabledata "Qlty. Inspection Gen. Rule" = RIMd,
+        tabledata "Qlty. Workflow Config. Value" = Rim,
+        tabledata "Qlty. Inspection Gen. Rule" = R,
         tabledata "Qlty. I. Result Condit. Conf." = RIMd,
-        tabledata "Qlty. Inspection Result" = RIMd,
-        tabledata "Qlty. Inspection Template Hdr." = RIMd,
-        tabledata "Qlty. Inspection Template Line" = RIMd,
-        tabledata "Qlty. Test Lookup Value" = RIMd,
-        tabledata "Qlty. Management Setup" = RIMd,
-        tabledata "Qlty. Related Transfers Buffer" = RIMD,
-        tabledata "Qlty. Mgmt. Role Center Cue" = RIMd,
-        tabledata "Qlty. Inspect. Src. Fld. Conf." = RIMd,
-        tabledata "Qlty. Inspect. Source Config." = RIMd,
+        tabledata "Qlty. Inspection Result" = R,
+        tabledata "Qlty. Inspection Template Hdr." = R,
+        tabledata "Qlty. Inspection Template Line" = R,
+        tabledata "Qlty. Test Lookup Value" = R,
+        tabledata "Qlty. Management Setup" = R,
+        tabledata "Qlty. Mgmt. Role Center Cue" = Ri,
+        tabledata "Qlty. Inspect. Src. Fld. Conf." = R,
+        tabledata "Qlty. Inspect. Source Config." = R,
         tabledata "Qlty. Inspection Line" = RIMd,
         tabledata "Qlty. Inspection Header" = RIMd,
-        tabledata "Qlty. Test" = RIMd;
+        tabledata "Qlty. Test" = R;
 }
 

src/Apps/W1/Quality Management/app/src/RoleCenters/QltyInspectionActivities.Page.al

@@ -13,6 +13,7 @@ page 20425 "Qlty. Inspection Activities"
     RefreshOnActivate = true;
     SourceTable = "Qlty. Mgmt. Role Center Cue";
     ApplicationArea = QualityManagement;
+    Permissions = TableData "Qlty. Mgmt. Role Center Cue" = i;
 
     layout
     {

src/Apps/W1/Quality Management/app/src/Workflow/QltyWorkflowResponse.Codeunit.al

@@ -23,7 +23,8 @@ using System.Reflection;
 /// </summary>
 codeunit 20424 "Qlty. Workflow Response"
 {
-    Permissions = tabledata "Workflow Step Instance" = r;
+    Permissions = tabledata "Workflow Step Instance" = r,
+                  tabledata "Qlty. Workflow Config. Value" = im;
 
     var
         QltyWorkflowSetup: Codeunit "Qlty. Workflow Setup";

src/Apps/W1/Quality Management/test/src/QltyTestsPermissionMgmt.Codeunit.al

@@ -19,7 +19,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         QltyInspectionUtility: Codeunit "Qlty. Inspection Utility";
         LibraryAssert: Codeunit "Library Assert";
         UserDoesNotHavePermissionToErr: Label 'The user [%1] does not have permission to [%2].', Comment = '%1=User id, %2=permission being attempted';
-        SupervisorRoleIDTok: Label 'QltyMngmnt - Edit', Locked = true;
+        AdminSupervisorRoleIDTok: Label 'QltyMngmnt - Admin', Locked = true;
 
     [Test]
     procedure VerifyCanCreateManualInspection_ShouldError()
@@ -41,7 +41,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that creating a manual inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanCreateManualInspection is called
         QltyInspectionUtility.VerifyCanCreateManualInspection();
@@ -69,7 +69,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that creating a re-inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanCreateReinspection is called
         QltyInspectionUtility.VerifyCanCreateReinspection();
@@ -97,7 +97,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that deleting an open inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanDeleteOpenInspection is called
         QltyInspectionUtility.VerifyCanDeleteOpenInspection();
@@ -125,7 +125,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that deleting a finished inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanDeleteFinishedInspection is called        
         QltyInspectionUtility.VerifyCanDeleteFinishedInspection();
@@ -140,7 +140,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that changing other users' inspections succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanChangeOtherInspections is called
         QltyInspectionUtility.VerifyCanChangeOtherInspections();
@@ -169,7 +169,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that reopening an inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanReopenInspection is called
         QltyInspectionUtility.VerifyCanReopenInspection();
@@ -197,7 +197,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that finishing an inspection succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanFinishInspection is called
         QltyInspectionUtility.VerifyCanFinishInspection();
@@ -226,7 +226,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that changing item tracking succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanChangeItemTracking is called
         QltyInspectionUtility.VerifyCanChangeItemTracking();
@@ -255,7 +255,7 @@ codeunit 139957 "Qlty. Tests - Permission Mgmt."
         // [SCENARIO] Verify that changing source quantity succeeds with proper supervisor permissions
 
         // [GIVEN] The supervisor role permission set is added
-        LibraryLowerPermissions.AddPermissionSet(SupervisorRoleIDTok);
+        LibraryLowerPermissions.AddPermissionSet(AdminSupervisorRoleIDTok);
 
         // [WHEN] VerifyCanChangeSourceQuantity is called
         QltyInspectionUtility.VerifyCanChangeSourceQuantity();