SORMAS-Project icon indicating copy to clipboard operation
SORMAS-Project copied to clipboard

Published 20 hours ago verified publisher icon SORMAS-Foundation

Missing PERSON_VIEW and PERSON_EDIT rights have side effects

Open kwa20 opened this issue 2 years ago • 1 comments

Bug Description

When a user role has the rights to view and edit entities that are connected to persons, it is not required to also select either PERSON_VIEW or PERSON_EDIT rights. Since associated entities like cases, contacts and event participants are dependent on persons, this results in errors and side effects when trying to use the system.

Entities can neither be created, edited or properly navigated through.

Steps to Reproduce

  1. Create a user role that has view, create and edit rights for person associated entities but is missing person view and edit rights
  2. Create a user and give them this user role
  3. Login as the user and try creating, navigating through and editing associated entities

Expected Behavior

Person related entity rights should be reliant on either PERSON_VIEW and PERSON_EDIT rights respectively

Screenshots

Examples:

userRoleTests userRoleTests2 userRoleTests3

System Details

  • Device:
  • SORMAS version: 1.75.0
  • Android version/Browser: chrome
  • Server URL: test1402.sormas.netzlink.com
  • User Role: admin, national user

Additional Information

kwa20 avatar Sep 20 '22 18:09 kwa20

This is probably what causes #10361. Added a reference to this issue there, we can probably close this one as soon as #10361 has been tackled.

MateStrysewske avatar Sep 21 '22 08:09 MateStrysewske

@kwa20 so cause 10361 is closed, can we close this one?

JaquM-HZI avatar Oct 12 '22 10:10 JaquM-HZI