Cht-core: Can remove permissions from "Full Access" user

Created on 15 Mar 2016 · 9Comments · Source: medic/cht-core

It's possible to deny permission to some features for the so-called "Full Access" user:

screen shot 2016-03-15 at 10 39 15

Either this user should not be described as "full access", or it should not be possible to restrict permissions from this user.

3 - Low Bug

Source

alxndrsn

👍1

All 9 comments

hi frand @estellecomment, U is coot

Please close or schedule before the end of this sprint. See triaging old issues.

Nice Snek

nice-snek on 17 Feb 2017

Makes sense to me, setting Scheduled.
(I'd go for keeping the Full Access user, leaving it displayed, but blocking all the checkboxes to checked)

estellecomment on 28 Feb 2017

👍1

hi frand @abbyad, please triage before the end of this sprint.

nice-snek on 14 Sep 2017

This has already been triaged.

alxndrsn on 14 Sep 2017

Hey, looks like by default 'Full access' users have some permissions unchecked on an almost clean system on master.
screen shot 2017-10-19 at 18 50 15
Looks quite confusing. Is it intended? If so, should it be possible to check/uncheck them but not uncheck other permissions?

Update: on the other hand, I was able to create/update persons while logged in as a Full access (not admin) user, even though my permissions for updating/creating users were visually unchecked. Looks like that the code doesn't actually check for these permissions, but checks if a user has full access (haven't found yet how it does that so I can't be sure atm).

I conclude that all permission checkboxes should be visually checked for a Full access user and disabled. Or did I miss something?

cbrwizard on 19 Oct 2017

Hi @cbrwizard! As per your findings and the discussion above, these permissions boxes don't actually do anything for full_access users. Fix is either to get rid of them, or set them all to be both checked and disabled.

alxndrsn on 19 Oct 2017

👍1

The user role formerly known as "full access" is for people who can access all docs, but not necessarily have all permissions so being able to remove permissions is actually correct in this case. I completely agree the name is misleading so I've updated it to "National manager - access to all docs". It's not a role we use much any more and the design team are currently going through a role and permission redesign so I expect it'll change a lot then, perhaps to have a configurable set of roles rather than these hardcoded ones.

@cbrwizard You actually found another bug where the can_create_people and can_create_places were not being used in the UI, only in the API we use for scripting.

@alxndrsn Please code review both of these fixes in the attached PR.

garethbowen on 19 Oct 2017

@garethbowen gotcha. I guess this issue can be renamed then.

cbrwizard on 20 Oct 2017

Merged.

garethbowen on 23 Oct 2017

Was this page helpful?

0 / 5 - 0 ratings

Related issues

JSON forms with nested fields errors in the UI

garethbowen · 5Comments

New Household button missing

alxndrsn · 6Comments

Improve sms-gateway startup time on well-used installations

alxndrsn · 4Comments

Add person icon is not monochrome

abbyad · 3Comments

IDs of new documents are not added to changes requests until page refresh

alxndrsn · 6Comments