The title describes the feature pretty well.
So lets do the following:
Enable the Assign and Release custody actions for assets for self service users(both on asset page and bulk). The button title for self service users should be "Take custody" instead of assign.
You will need to add a specific PermissionAction for those cases: 'assign-custody' and 'release-custody'. Before we were using PermissionAction.update so you will need to adjust that for all cases
When the modal for custody opens, we need to have the selected user be disabled and already set to current user. We do that for booking create already.
In the action, we need to double check the userId to prevent malicious actions. For self_service we need to make sure the userId we are receiving from the custody form is the same as the current user's id.
I'm going to poke in here with my 2 cents. :) I think the permission to remove an asset from self custody should need to be explicitly allowed, or part of a role.
The title describes the feature pretty well. So lets do the following:
PermissionAction.update
so you will need to adjust that for all casesuserId
to prevent malicious actions. For self_service we need to make sure theuserId
we are receiving from the custody form is the same as the current user's id.