Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix #6861

Conversation

racostas
Copy link
Contributor

Brief summary of changes

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

Testing instructions (if applicable)

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

Link(s) to related issue(s)

…ds per projects permissions restriction in the Detailed View
Copy link
Contributor

@laemtl laemtl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's working well for Data Entry Statistics, but the breakdown per participant for Double Data Entry Statistics displays entries for sites my user doesn't have access to (user can only access Pumpernickel/Montreal and can see Pumpernickel/Ottawa). If the user clicks on the link, it can also access the profile (whereas this profile is not accessible with the Access profile Search tool), which I think is another permission issue on the Candidate module level.

@racostas
Copy link
Contributor Author

Hi @laemtl , thanks for catching this. Could you please check if the new commit fix the stats? Thank you.

@laemtl laemtl added the Passed manual tests PR has been successfully tested by at least one peer label Aug 3, 2020
@laemtl
Copy link
Contributor

laemtl commented Aug 3, 2020

@racostas Awesome, that fixes it, thank you!

@laemtl laemtl self-requested a review August 3, 2020 15:30
@driusan driusan merged commit 250c7b1 into aces:23.0-release Aug 3, 2020
@driusan
Copy link
Collaborator

driusan commented Aug 3, 2020

@laemtl can you create a ticket describing how to reproduce the candidate accessing with URL hacking (ie. which module) so that it can be fixed?

@laemtl
Copy link
Contributor

laemtl commented Aug 3, 2020

@driusan I opened an issue: #6880

@ridz1208 ridz1208 added this to the 23.0.2 milestone Aug 6, 2020
spell00 pushed a commit to spell00/Loris that referenced this pull request Aug 13, 2020
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
spell00 pushed a commit to spell00/Loris that referenced this pull request Aug 13, 2020
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Jun 15, 2021
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Jun 15, 2021
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Sep 2, 2021
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Passed manual tests PR has been successfully tested by at least one peer
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants