flexmeasures icon indicating copy to clipboard operation
flexmeasures copied to clipboard
verified publisher icon FlexMeasures

BUG: Button "Deactivate user" leads to authorisation error

Open ArdJonker opened this issue 1 year ago • 4 comments

Button "Deactivate user" leads to authorisation error

Steps to reproduce

  1. Loggedin as Ard-Read-Only
  2. Navigate to users through top menu
  3. Select user (eg Quik)
  4. Click Deactivate user button in top left.

##Result message "You cannot be authorized for this content or functionality. It requires admin permission(s)." result "Rejected" status "INVALID_SENDER"

Expected result

Or: Button not visible Or: Deactivated user

ArdJonker avatar Sep 20 '24 06:09 ArdJonker

This is a user in a consultancy account trying to deactivate a user in a consultee account, right? @nhoening any thoughts on whether or not this should be an allowed action?

Flix6x avatar Sep 21 '24 09:09 Flix6x

At this time,

  • Ard is not yet consultant, right?
  • We designed consultancy about reading. We have not implemented access around the other permissions.

So for now, deactivating the button if the current user is not account-admin, and we can open a discussion around allowing consultants to update, create children or delete

nhoening avatar Sep 21 '24 10:09 nhoening

To be more to the point:  Ard-Read-Only can only read, not make changes.

We should hide the button if the user is not admin or account-admin.

That closes this issue.

nhoening avatar Oct 22 '24 20:10 nhoening

account-admin

as i work on this I notice that the "account-admin" cant view the users page at all, if that's normal then the condition on who to see this button should be only the "admin"

joshuaunity avatar Oct 24 '24 11:10 joshuaunity