SORMAS-Project icon indicating copy to clipboard operation
SORMAS-Project copied to clipboard
verified publisher icon SORMAS-Foundation

Error in directories and when opening entries for specific user right combinations

Open SahaLinaPrueger opened this issue 3 years ago • 3 comments

Bug Description

If an admin checks the right VIEW_CASE and looks at the currently description he will find, that a user with this right is "able to view existing cases". He will expect that all necessary needed rights are automatically clicked on if he clicks the checkbox "VIEW_CASE".

Steps to Reproduce

  1. Create a user role only with the right "VIEW_CASE" with the jurisdiction "national" and create an attached user
  2. Try to log in as this user

Expected Behavior

With the right VIEW_CASE i am able to view cases. As this error will probably also occur in other directories/when opening other entries, we need to check those, too. It's possible that the reason is the missing user right to view existing persons. In that case, the solution would be to make sure there's a dependency between the view rights and the view persons right so that it's not possible to create user roles that can view an entry but not view its associated person.

Screenshots

user role_4 view case only

System Details

  • Device:
  • SORMAS version: 1.75.0
  • Android version/Browser: Edge
  • Server URL:
  • User Role: Only user right "VIEW_CASES"

Additional Information

It is ok that not all rights are clicked directly so that cases can be seen. Of course the admin has to make the decision regarding SORMAS_UI, personal/sensitive data etc. But we should document which rights the admin has to think about when he clicks the right "CASE_VIEW" / "CONTACT_VIEW" "..._VIEW". Maybe we need an additional column next to "needed user rights" with "rights to consider", so the user doesn't have to try all rights by himself. We cannot promise that the user is able to see something with this right, if it is not like that.

SahaLinaPrueger avatar Sep 15 '22 07:09 SahaLinaPrueger

#10362 documents a very similar error. This behaviour can probably be observed for multiple directories and might be connected to the missing user right to view existing persons.

MateStrysewske avatar Sep 21 '22 08:09 MateStrysewske

#10409 very likely describes the root of this problem.

MateStrysewske avatar Sep 21 '22 08:09 MateStrysewske

Solution as discussed with @MartinWahnschaffe: CASE_VIEW, CONTACT_VIEW, TRAVEL_ENTRY_VIEW, EVENTPARTICIPANT_VIEW, IMMUNIZATION_VIEW is dependent on PERSON_VIEW. CASE_EDIT, CONTACT_EDIT, TRAVEL_ENTRY_EDIT, EVENTPARTICIPANT_EDIT, IMMUNIZATION_EDIT is dependent on PERSON_EDIT. CASE_DELETE, CONTACT_DELETE, TRAVEL_ENTRY_DELETE, EVENTPARTICIPANT_DELETE, IMMUNIZATION_DELETE is dependent on PERSON_DELETE.

SahaLinaPrueger avatar Sep 21 '22 10:09 SahaLinaPrueger

Validated ticket on local setup using the latest sormas version 1.76-snapshot and while checking the code alongside the comment from this ticket.

AndyBakcsy-she avatar Oct 11 '22 19:10 AndyBakcsy-she