Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with when removing all assigned roles to users #636

Open
celinenilla opened this issue Oct 21, 2024 · 7 comments
Open

Fix issue with when removing all assigned roles to users #636

celinenilla opened this issue Oct 21, 2024 · 7 comments
Assignees
@gonzalesedwin1123

Comments

@celinenilla
Copy link

After removing a role from a user, nothing is automatically selected in user type thus when that user logs back in, error message appears.

Image

Image
@jannahadlaon
Copy link

Findings: Issue is still present.
Tested in: SP-MIS QA
STEPS:

  1. Log in as admin
  2. Create a user with any role
  3. Log out as admin
  4. Log in using the users credentials then log out
  5. Log back in as admin
  6. Remove the assigned roles for the user and save
  7. Log in using the user credentials. See issue belowImage

@celinenilla
Copy link
Author

@singhkaranvir25 , can you please help out with the expected behaviour for this?

@singhkaranvir25
Copy link

@celinenilla @jannahadlaon - As per my discussion with @kneckinator, it was concluded that this issue is caused by interlinking of "Role" with "User Type" configured under "Access Rights"

As soon as the last user role is deleted manually, the user type becomes null. Hence causing the screen with forbidden.

Whereas when user has an expired user role, it can still login and perform the actions on the application. (Which sounds like a separate but related issue). Additional issue observed was that when configuring the roles, fields such as "Center Area" "Companies" etc does not really matter. User has kind of full access.

Hence in my opinion, the expected behaviour of this ticket should be that when a user role is deleted, or expired. "User Type" value should remain intact. Which would allow user to login and have access to the available views such as dashboard.
image

image image

If the User Type is "Portal" or "Public", then access would look like as follows:
image

@celinenilla
Copy link
Author

@gonzalesedwin1123 , can you please have a look at the suggestion made by karan above?

@jannahadlaon
Copy link

Findings: Works as expected in using runboat instance
Tested in: Runboat instance

STEPS:

  1. Log in as admin
  2. Create a user with any role ( ex. Change request related roles)
  3. Log out as admin
  4. Log in using the users credentials then log out
  5. Log back in as admin
  6. Remove the assigned roles for the user and save
  7. Log in using the user credentials.
    Verify that no more errors encountered. Screen should still successfully log the user in.
    image
  8. Log in back as an admin and edit User Type is "Portal" or "Public"
  9. Log in as user in step 2 and verify that the screen displayed is:
    image

CC: @gonzalesedwin1123

@gonzalesedwin1123
Copy link
Member

@celinenilla Can we close this ticket then?

@celinenilla
Copy link
Author

Yes, setting to Done, since fixed already

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gonzalesedwin1123 gonzalesedwin1123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

refs/heads/636-openspp-modules OpenSPP/openspp-modules
4 participants
@celinenilla @gonzalesedwin1123 @jannahadlaon @singhkaranvir25