
Cases and contacts can be recognized as such in the person directory even if they are not supposed to be recognized

Open SahaLinaPrueger opened this issue 3 years ago • 2 comments

Bug Description

  • persons who have attached cases and contacts can be recognized as cases in the person directory even if they are not supposed to be recognized
  • the quick filter all shows persons who only have one entity as case or one entity as contact

Steps to Reproduce

  1. Log in as an admin
  2. Go to the person directory and make sure there are cases and contacts mentioned
  3. Create a role without the right to see cases and without the right to see contacts, but with the right to see persons (role described under additional information)
  4. Create a user with this role and open the person directory

Expected Behavior

  1. On the left side there is the menu point persons
  2. On the left side there are no menu points cases or contacts
  3. In the person directory the quick filter case and the quick filter contacts are missing
  4. Under the quick filter all ONLY the persons should be visible who have at least one entity as event participant or travel entry
  5. Error message should not appear?

Additional information: I focus here on cases and contacts but if you see the created user roles below you may recognize that the right VIEW_EVENT PARTICIPANT and VIEW_TRAVEL ENTRY is not given, too. So actually no person or quick filter should be visible.

Implementation Details

  • [ ] In the person directory each quick filter should only be visible when the user has access to the related _VIEW right.

Screenshots

Description:

  • no quick filter 'contact'
  • If I can count, I will know there are at least 3 contacts in the system, and I also know which persons are the contacts, because I can compare the persons in the quick filter cases with the persons under the quick filter all, and the other quick filters are 0
  • The error message "Access to the specified resource has been forbidden. Please contact your supervisor or administrator and inform them about it. Please reload the page to see the latest changes" appears [screenshot: user role_1]

Description: If you click on the quick filter case and if you open a person you cannot see the entity case. That is good, but you KNOW that there is the entity because of the shown quick filter [screenshot: user role_2]

Description: This is shown with the user role admin: [screenshot: user role_3]

System Details

  • Device:
  • SORMAS version: 1.75
  • Android version/Browser: Edge
  • Server URL: release-x
  • User Role: viewcase / password: the default one

Additional Information

Maybe the right PERSON_VIEW means, that all persons in the systems are shown by adding this filter. We have two problems, if the right is defined like this:

  1. Why is the quick filter contacts then not visible?
  2. What can a user do, if he wants that a user neither can see the case directory nor the persons who ONLY have a case entity in the person directory but do not want to completely abandon the person directory?

user role: sormas_benutzerrollen_2022-09-13_case view.xlsx


SahaLinaPrueger, Sep 14 '22 09:09
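
A minimal model of the behaviour requested under "Expected Behavior" and "Implementation Details" above, as an added example that is not part of the original issue and is not SORMAS code. It derives the visible quick filters, the "all" result set and the counts from one server-side rule, so comparing counts cannot reveal hidden cases or contacts. `PERSON_VIEW` is named in the issue; the other right names, the filter keys and the sample persons are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Quick filter -> right required to see it. Right names other than
# PERSON_VIEW are assumptions following the issue's "_VIEW" pattern.
FILTER_RIGHT = {
    "CASE": "CASE_VIEW",
    "CONTACT": "CONTACT_VIEW",
    "EVENT_PARTICIPANT": "EVENT_PARTICIPANT_VIEW",
    "TRAVEL_ENTRY": "TRAVEL_ENTRY_VIEW",
}

@dataclass(frozen=True)
class Person:
    name: str
    associations: frozenset  # filter keys this person has entities for

# Constructed sample data, not taken from any real system.
PERSONS = [
    Person("Anna", frozenset({"CASE"})),
    Person("Ben", frozenset({"CONTACT"})),
    Person("Cara", frozenset({"CASE", "EVENT_PARTICIPANT"})),
    Person("Dev", frozenset({"TRAVEL_ENTRY"})),
]

def visible_filters(rights):
    """Filters to render, decided on the server from the user's rights."""
    if "PERSON_VIEW" not in rights:
        return []
    allowed = [f for f, right in FILTER_RIGHT.items() if right in rights]
    # Without any association right there is nothing the user may list.
    return ["ALL"] + allowed if allowed else []

def query_persons(persons, rights, quick_filter):
    """Enforce the same rule on the query, not only on the UI."""
    allowed = visible_filters(rights)
    if quick_filter not in allowed:
        raise PermissionError(f"quick filter {quick_filter!r} not permitted")
    # "ALL" means: all persons reachable through a permitted association.
    scope = set(allowed) - {"ALL"} if quick_filter == "ALL" else {quick_filter}
    return [p for p in persons if p.associations & scope]

def filter_counts(persons, rights):
    """Counts come from the scoped query, so they cannot reveal hidden entities."""
    return {f: len(query_persons(persons, rights, f))
            for f in visible_filters(rights)}
```
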

@SahaLinaPrueger For the aspect of not listing persons the user should not have access to, I have created #10414

MartinWahnschaffe, Sep 21 '22 13:09

@MartinWahnschaffe thank you, so this issue is only about: In the person directory each quick filter should only be visible when the user has access to the related _VIEW right.

SahaLinaPrueger, Sep 21 '22 14:09

Verified ticket on local environment using the latest version of Sormas 1.76.0-SNAPSHOT (9449ed2) from the development branch. Because 1.75.3 was already released, I opened new bug reports for the issues that I have found: https://github.com/hzi-braunschweig/SORMAS-Project/issues/10509 and https://github.com/hzi-braunschweig/SORMAS-Project/issues/10511 .

Also, the translation has not yet been fetched from Crowdin.

roxanamlendea, Oct 03 '22 13:10