XForm meta permissions failing on org forms #1479

Closed
ivermac opened this issue Sep 26, 2018 · 0 comments

ivermac commented Sep 26, 2018

If a form in a project created by an org is assigned xform meta permissions, the submissions are not filtered based on the assigned permissions. To replicate:

  • Create an org
  • Create a project inside the org
  • Create a form inside the project
  • Make a couple of submissions to the form above as the owner
  • Share the project with a different user and add the user as a member
  • Create meta permissions using this link. Set the data-value to dataentry-minor|editor-minor.
  • Ask the other user to try accessing the data endpoint with the formid of the form above
  • The other user should be able to view the submissions that were made by the form owner BUT they SHOULDN'T.

Aha! Link: https://ona.aha.io/features/PROD-315

@ivermac ivermac added this to the Week 38 - 39 (2018) milestone Sep 26, 2018
@lincmba lincmba self-assigned this Oct 26, 2018
Kirembu added a commit to Kirembu/onadata that referenced this issue Dec 13, 2018
* 'master' of https://github.com/onaio/onadata: (70 commits)
  Remove link validity duration on email message. Links no longer expire after a day
  Update changelog - v1.16.0
  Code cleanup
  Only do validation to existing ordered columns in the ordered columns set to avoid creating new columns
  Test header order is maintained
  test
  fixes
  tests
  update tests, DataEntry Only role should not view any data or export
  DataEntry Only role should not view or export
  Apply meta permissions on team members individually as opposed to entire team
  fixes
  Apply meta permissions on teams as well as on users.
  Update meta permissions on sharing a project with a team
  Remove meta perms on ReadOnly role
  Tests for readonly user role
  clean up
  Meta permissions on readonly user role
  Remove unnecessary imports
  Update user roles according to xform meta permissions provided. Fixes onaio#1479
  ...