SORMAS-Project
Lab officer can edit Contacts that are not in his jurisdiction
Bug Description
Lab officer can edit Contacts that are not in his jurisdiction
Steps to Reproduce
- Logged in as National User, create a contact without samples
- Remain on the edit screen of the newly created contact (the id of the Contact remains in the URL)
- Log out
- Log in in the same tab as a Lab officer
- Try to save the Contact that is open in edit mode
- Check in the list of Contacts whether the saved Contact is present
Actual Behavior
The saved Contact is not present in the list of Contacts. The reason is that the contact has no sample on it that is in the jurisdiction of the Lab officer (which is correct). The same issue also appears when testing via the API endpoint. The Lab officer has the right to update a Contact even if it is not in the jurisdiction of his Laboratory.
Expected Behavior
Lab officer should not be able to save a Contact that has no sample referring to his assigned laboratory.
Screenshots
System Details
- Device:
- SORMAS version:
- Android version/Browser:
- Server URL:
- User Role: Lab Officer
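Added example, not SORMAS code and not part of the original report: a minimal Python model of the mismatch described above, where the list view filters by jurisdiction but the save path does not, next to a save that applies the same predicate to the stored record. All names (`ContactService`, `in_jurisdiction`, the role strings, the lab ids) are hypothetical, and the jurisdiction rule is simplified to "a Lab officer sees a contact only if one of its samples refers to his laboratory".

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

class AccessDenied(Exception):
    pass

@dataclass
class Contact:
    uuid: str
    note: str = ""
    sample_lab_ids: List[str] = field(default_factory=list)  # lab of each sample

@dataclass(frozen=True)
class User:
    role: str                      # simplified: "NATIONAL_USER" or "LAB_OFFICER"
    lab_id: Optional[str] = None

def in_jurisdiction(user: User, contact: Contact) -> bool:
    """Single predicate shared by the read path and the write path."""
    if user.role == "NATIONAL_USER":
        return True
    if user.role == "LAB_OFFICER":
        return user.lab_id is not None and user.lab_id in contact.sample_lab_ids
    return False

class ContactService:
    def __init__(self) -> None:
        self._db: Dict[str, Contact] = {}

    def create(self, user: User, contact: Contact) -> None:
        if user.role != "NATIONAL_USER":
            raise AccessDenied("create")
        self._db[contact.uuid] = contact

    def list_for(self, user: User) -> List[str]:
        return [c.uuid for c in self._db.values() if in_jurisdiction(user, c)]

    def save_reported(self, user: User, uuid: str, note: str) -> None:
        # Behaviour from the report: the write is accepted for any known uuid.
        self._db[uuid].note = note

    def save_checked(self, user: User, uuid: str, note: str) -> None:
        stored = self._db.get(uuid)
        # Decide on the stored record, never on fields the client submitted,
        # so a request cannot claim a sample to bring itself into jurisdiction.
        if stored is None or not in_jurisdiction(user, stored):
            raise AccessDenied(uuid)
        stored.note = note
```
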