
User roles should have optional link to default user role [5]

Open MartinWahnschaffe opened this issue 3 years ago • 0 comments

Problem Description

Default user roles are changed over time when new user rights are added, existing rights removed or user right configurations changed/fixed. So far we have tried to migrate these changes by automatically applying new user rights to existing user roles based on their existing user rights. Most often this works fine, but sometimes it doesn't work. An example of this is #8892: External lab users need to receive the right to see sensitive data, but there is no way to generically decide about this based on other user rights of a user role.

Proposed Change

  • [ ] Give the user role entity a new field linkedDefaultUserRole that maintains a link to the default user role that was used to create this user role. For future migrations, when a change is made to the default user role, all user roles that are linked to it are changed accordingly.
  • [ ] The default user role + default user logic that is currently relying on the user captions needs to be changed to use this new field instead, to make it more resilient. See implementation details.
  • [ ] Edit form: The user can either remove the link to the default user role or even set it for a user role that was manually created.
  • [ ] "Apply user role template" is visible in both the main and notifications edit view and opens a popup with a drop-down to select the user role, including the description we use in the creation form. When a "linked default user role" is selected in the edit form, it is used as the default value for the drop-down in the popup.
  • [ ] Creation form: Move the user role template info to the right side of the template selection drop-down.
  • [ ] Creating a user role based on a template or applying a template should also fill the "linked default user role" field. Either to the used default user role or to the linked default user role of the template.

Edit Form

[image]

Creation Form

[image]

Acceptance Criteria

  • The automatically created user roles on existing systems and on newly setup systems are correctly linked to the default user roles.

Implementation Details

  • [ ] The INSERT statement in the 460 schema update should set the correct linked default user roles
  • [ ] StartupShutdownService.fillDefaultUserRoles should use the linked default user role instead of the caption
  • [ ] Same for StartupShutdownService.upgrade to 469 and 471
  • [ ] Same for the calls to StartupShutdownService.createOrUpdateDefaultUser and createAndPersistDefaultUser - which should probably be unified.
  • [ ] Add a new schema version update that sets the linkedDefaultUserRole based on the caption for those user roles that don't have it yet. This is only relevant for systems that have already rolled out schema version 460+

MartinWahnschaffe, Jun 28 '22 08:06
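
The two migration strategies discussed in this issue, side by side, as an added example that is not SORMAS code. The role captions, right names and helper functions are constructed for illustration; only the idea of a `linkedDefaultUserRole` field (modelled here as `linked_default`) comes from the issue.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class UserRole:
    caption: str
    rights: set
    linked_default: Optional[str] = None  # models linkedDefaultUserRole

def sample_roles():
    # Constructed data: captions and right names are illustrative only.
    lab = {"SAMPLE_VIEW", "PATHOGEN_TEST_EDIT"}
    return [
        UserRole("External lab user", set(lab), "EXTERNAL_LAB_USER"),
        # Created from the template, then renamed and extended by an admin.
        UserRole("Regional lab (custom)", lab | {"SAMPLE_EXPORT"}, "EXTERNAL_LAB_USER"),
        # Built by hand with the same rights; must not gain sensitive-data access.
        UserRole("Lab auditor", set(lab), None),
    ]

def migrate_by_inference(roles, required, add):
    """Grant `add` to every role that already holds all `required` rights."""
    changed = []
    for role in roles:
        if required <= role.rights and not add <= role.rights:
            role.rights |= add
            changed.append(role.caption)
    return changed

def migrate_by_link(roles, default_role, add=frozenset(), remove=frozenset()):
    """Apply a default-role change only to roles linked to that default role."""
    changed = []
    for role in roles:
        if role.linked_default != default_role:
            continue  # unlinked or differently linked roles stay untouched
        updated = (role.rights | add) - remove
        if updated != role.rights:
            role.rights = updated
            changed.append(role.caption)
    return changed

if __name__ == "__main__":
    grant = {"SEE_SENSITIVE_DATA"}
    print(migrate_by_inference(sample_roles(), {"SAMPLE_VIEW", "PATHOGEN_TEST_EDIT"}, grant))
    print(migrate_by_link(sample_roles(), "EXTERNAL_LAB_USER", add=grant))
```

Inference also changes the hand-built "Lab auditor" role because its rights happen to match, while the link-based migration reaches the renamed custom role and leaves the unlinked one alone.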