[imaging_qc] module displays data not included in the user's project and site affiliations
Describe the bug
The imaging_qc module displays data which is not included under the user's site and project assignments. If a user is assigned to site Montreal, and project "Challah", data from other sites and projects will still load into the front page. The site filter, however, limits the user to filtering to "Montreal" sites only, which leads me to believe that data from other sites should not be displayed. Note that the project filter displays all the projects in its select menu. Given the selection menu of the site filter, the project filter may need to also be addressed.
To Reproduce
1. Create a user with the following permission only:
   - Quality Control access
   - Make sure not to include View all-sites Imaging Browser pages or any other permissions
2. Assign the user site "Montreal" and project "Challah"
3. Log in as this user, and navigate to the imaging quality control module
4. Observe that the front page loads with data which includes values "Rome" and "Ottawa" under the site column, and "Rye", "pumpernickel" under the project column
5. Observe that the site filter only allows filtering to "Montreal"
6. Observe that the project filter allows filtering to all of the sites
What did you expect to happen?
For the front page to exclude data under projects and sites the user is not affiliated with.
Browser Environment (please complete the following information):
- OS: Ubuntu 18.04 LTS
- Browser: Chrome 83.0.4103.61 and Firefox 76.0.1
Server Environment (if known): This was done using the testing VM for loris.
Missing info:
- Does the User have or not have the relevant user-permissions? e.g.
View all-sites Imaging Browser pages?
If this is under-specified in the test plan, let's make sure that gets updated.
The user does not have the mentioned permission, @christinerogers. Only the Quality control access.
Great. This issue description should have contained that information -- please update it.
@h-karim this is indeed an issue, but I think the best course of action for this module is simply to data frameworkify it, and since that's too major of a change for this release I would simply release 23 with an asterisk on this module saying site and project filters do not apply.
We could discuss it at the loris meeting if need be. @driusan might have some thoughts too
@ridz1208 That sounds reasonable to me.. I'm surprised it's not already data frameworkified, but you're right, it's not, so that would probably be best.
@AlexandraLivadas have you had a chance to look at this?
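
The mismatch reported above (filter menus scoped to the user, table rows not) goes away when both are derived from one server-side authorization predicate. The sketch below is an added example, not LORIS code: the `User` class, the row layout, the permission code and the rule that an all-sites permission lifts only the site restriction are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical code standing in for "View all-sites Imaging Browser pages".
ALL_SITES = "imaging_browser_view_allsites"

@dataclass(frozen=True)
class User:  # hypothetical model, not the LORIS User class
    sites: frozenset
    projects: frozenset
    permissions: frozenset = frozenset()

# Constructed sample rows using the site and project names from the report.
ROWS = [
    {"scan": "s1", "site": "Montreal", "project": "Challah"},
    {"scan": "s2", "site": "Rome", "project": "Rye"},
    {"scan": "s3", "site": "Ottawa", "project": "pumpernickel"},
    {"scan": "s4", "site": "Montreal", "project": "Rye"},
]

def in_scope(user, row):
    """Single authorization predicate shared by the table and the filters."""
    # Assumption: the all-sites permission lifts the site check only.
    site_ok = ALL_SITES in user.permissions or row["site"] in user.sites
    return site_ok and row["project"] in user.projects

def visible_rows(user, rows):
    """Rows the front page may return; applied on the server, before rendering."""
    return [r for r in rows if in_scope(user, r)]

def filter_options(user, rows):
    """Build the select menus from the already-scoped rows so they cannot diverge."""
    visible = visible_rows(user, rows)
    return {
        "site": sorted({r["site"] for r in visible}),
        "project": sorted({r["project"] for r in visible}),
    }

def leaked_rows(user, served):
    """Regression check: rows a page served that fall outside the user's scope."""
    return [r for r in served if not in_scope(user, r)]

if __name__ == "__main__":
    tester = User(frozenset({"Montreal"}), frozenset({"Challah"}))
    print(visible_rows(tester, ROWS))
    print(filter_options(tester, ROWS))
    # Simulates the reported behaviour: the page served every row unfiltered.
    print(leaked_rows(tester, ROWS))
```

Running `leaked_rows` against the rows a page actually returned for a restricted test user turns the manual reproduction steps into an automated check.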