Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix #6861

Merged
merged 2 commits into from
Aug 3, 2020
Merged

[Statistics/Behavioural] Detailed View and Double Data Entry - Site permission fix #6861

merged 2 commits into from
Aug 3, 2020

Conversation

racostas
Copy link
Contributor

Brief summary of changes

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

Testing instructions (if applicable)

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

Link(s) to related issue(s)

[Statistics/Behavioural] Fix permissions issues. Code refactoring. Ad…
2ef3f2c 
…ds per projects permissions restriction in the Detailed View
@racostas racostas requested review from laemtl and driusan July 22, 2020 19:57
@racostas racostas mentioned this pull request Jul 23, 2020
Closed
laemtl
laemtl requested changes Jul 30, 2020
View reviewed changes
Copy link
Contributor

@laemtl laemtl left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's working well for Data Entry Statistics, but the breakdown per participant for Double Data Entry Statistics displays entries for sites my user doesn't have access to (user can only access Pumpernickel/Montreal and can see Pumpernickel/Ottawa). If the user clicks on the link, it can also access the profile (whereas this profile is not accessible with the Access profile Search tool), which I think is another permission issue on the Candidate module level.

@racostas
Copy link
Contributor Author

Hi @laemtl , thanks for catching this. Could you please check if the new commit fix the stats? Thank you.

@laemtl laemtl added the Passed Manual Tests PR has undergone proper testing by at least one peer label Aug 3, 2020
@laemtl
Copy link
Contributor

laemtl commented Aug 3, 2020

@racostas Awesome, that fixes it, thank you!

@laemtl laemtl self-requested a review August 3, 2020 15:30
@driusan driusan merged commit 250c7b1 into aces:23.0-release Aug 3, 2020
@driusan
Copy link
Collaborator

driusan commented Aug 3, 2020

@laemtl can you create a ticket describing how to reproduce the candidate accessing with URL hacking (ie. which module) so that it can be fixed?

@laemtl
Copy link
Contributor

laemtl commented Aug 3, 2020

@driusan I opened an issue: #6880

@ridz1208 ridz1208 added this to the 23.0.2 milestone Aug 6, 2020
spell00 pushed a commit to spell00/Loris that referenced this pull request Aug 13, 2020
@racostas @spell00
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
ce4a3f0 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
spell00 pushed a commit to spell00/Loris that referenced this pull request Aug 13, 2020
@racostas @spell00
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
47f5e18 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Jun 15, 2021
@racostas @AlexandraLivadas
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
af4f5da 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Jun 15, 2021
@racostas @AlexandraLivadas
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
a41e037 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
AlexandraLivadas pushed a commit to AlexandraLivadas/Loris that referenced this pull request Sep 2, 2021
@racostas @AlexandraLivadas
[Statistics/Behavioural] Detailed View and Double Data Entry - Site p…
31cf870 
…ermission fix (aces#6861)

Code refactorization of the functions _hasAccess and _checkCriteria.
Adds per projects permissions restrictions.

A user with permission data_entry should be now able to access the 'breakdown per participant' only for the sites and projects it have access to.

    Resolves aces#6659
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@laemtl laemtl laemtl approved these changes

@driusan driusan Awaiting requested review from driusan

Assignees

@laemtl laemtl

Labels
Passed Manual Tests PR has undergone proper testing by at least one peer
Projects
None yet
Milestone
23.0.2
Development

Successfully merging this pull request may close these issues.
4 participants
@racostas @laemtl @driusan @ridz1208