Local system admin should not be able to create National System admin and National registrar #7698

Closed
SyedaAfrida opened this issue Oct 2, 2024 · 5 comments · Fixed by #8112

@SyedaAfrida
Collaborator

Bug description:
Local system admin should not be able to create National System admin and National registrar

Steps to reproduce:

  1. Login as local system admin
  2. Go to Team
  3. Click on Create new user
  4. Observe the drop down options in roles

Actual result:
Local system admin has the option to create National System admin and National registrar

Expected result:
Local system admin should not be able to create National System admin and National registrar

Screenshot/ Recording:

j.mp4

Tested on:
https://login.farajaland-qa.opencrvs.org/?lang=en

Version:
V1.6.0

@SyedaAfrida SyedaAfrida added the Bug label Oct 2, 2024
@github-project-automation github-project-automation bot moved this to Backlog in OpenCRVS Core Oct 2, 2024
@euanmillar euanmillar added this to the v1.6.1 milestone Oct 2, 2024
@euanmillar euanmillar modified the milestones: v1.6.1, w IET Candidates Nov 8, 2024
@euanmillar euanmillar self-assigned this Nov 15, 2024
@euanmillar euanmillar moved this from Backlog to In Development in OpenCRVS Core Nov 15, 2024
@Siyasanga Siyasanga self-assigned this Nov 22, 2024
@euanmillar
Collaborator

PR: #7996

Siyasanga added a commit that referenced this issue Nov 28, 2024
It is better to have in the gateway since most of access mgnt is handled there already

#7698
Siyasanga added a commit that referenced this issue Nov 28, 2024
The way we were building the criteria object was buggy especially for when we are filtering based on user roles

#7698
Siyasanga added a commit that referenced this issue Nov 28, 2024
This is to avoid users with lower roles creating or updating other users with higher roles

#7698
Siyasanga added a commit that referenced this issue Nov 29, 2024
It is better to have in the gateway since most of access mgnt is handled there already

#7698
Siyasanga added a commit that referenced this issue Nov 29, 2024
The way we were building the criteria object was buggy especially for when we are filtering based on user roles

#7698
Siyasanga added a commit that referenced this issue Nov 29, 2024
This is to avoid users with lower roles creating or updating other users with higher roles

#7698
Siyasanga added a commit that referenced this issue Nov 29, 2024
@Siyasanga Siyasanga moved this from In Development to In Code Review in OpenCRVS Core Dec 2, 2024
@euanmillar euanmillar moved this from In Code Review to Ready for QA in OpenCRVS Core Dec 3, 2024
rikukissa pushed a commit that referenced this issue Dec 5, 2024
* Move access mgnt into the gateway service

It is better to have in the gateway since most of access mgnt is handled there already

#7698

* refactor: the getSystemRoles() to properly use filters

The way we were building the criteria object was buggy especially for when we are filtering based on user roles

#7698

* Filter User roles based on user that's requesting

This is to avoid users with lower roles creating or updating other users with higher roles

#7698

* Record changes in the CHANGELOG

#7698

* Revert "Filter User roles based on user that's requesting"

This reverts commit b46c67e.

* Revert "refactor: the getSystemRoles() to properly use filters"

This reverts commit fb400bd.

* Revert "Move access mgnt into the gateway service"

This reverts commit a9c6fa8.

* Fix failing Role feature's resolver tests

#7698

* Stop sys admins from de-activating themselves

The sys admin will no longer see the feature for their own accounts, it will only be available on other users, this should stop them from accidentally deactivating their accounts.

#7691

* Minor tidy up

---------

Co-authored-by: euanmillar <[email protected]>
@onnee04
Collaborator

onnee04 commented Dec 5, 2024

Mentioned issue is fixed

7698.mp4

@onnee04 onnee04 closed this as completed Dec 5, 2024
@github-project-automation github-project-automation bot moved this from Ready for QA to Completed in OpenCRVS Core Dec 5, 2024
@onnee04
Collaborator

onnee04 commented Dec 5, 2024

@euanmillar @Siyasanga
But currently local system admin can deactivate national system admin/national registrar (if they are from same office). Also local system admin can not see role for national system admin/national registrar.

7698_deactivate.mp4

@onnee04 onnee04 reopened this Dec 5, 2024
@github-project-automation github-project-automation bot moved this from Completed to Backlog in OpenCRVS Core Dec 5, 2024
@onnee04 onnee04 moved this from Backlog to Ready to build in OpenCRVS Core Dec 5, 2024
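
An added example, not code from OpenCRVS or from anyone in this thread: one way to apply the "filter roles based on the requesting user" rule on the server for every mutation, not only in the role dropdown, so the deactivation case reported above is covered by the same check. The role names, the `MANAGEABLE` allow-list, the `User` shape and the same-office rule for local admins are assumptions for illustration.

```typescript
// Added example: role names, MANAGEABLE and the User shape are assumptions
// for illustration, not OpenCRVS's actual schema or code.
type Role =
  | 'FIELD_AGENT' | 'REGISTRATION_AGENT' | 'LOCAL_REGISTRAR'
  | 'LOCAL_SYSTEM_ADMIN' | 'NATIONAL_REGISTRAR' | 'NATIONAL_SYSTEM_ADMIN'

interface User { id: string; role: Role; officeId: string }
type Action =
  | { kind: 'create'; newRole: Role; officeId: string }
  | { kind: 'update'; target: User; newRole: Role }
  | { kind: 'deactivate'; target: User }

const LOCAL: readonly Role[] = [
  'FIELD_AGENT', 'REGISTRATION_AGENT', 'LOCAL_REGISTRAR', 'LOCAL_SYSTEM_ADMIN'
]
const NATIONAL: readonly Role[] = ['NATIONAL_REGISTRAR', 'NATIONAL_SYSTEM_ADMIN']

// Explicit allow-list per actor role; a role that is not listed manages nobody.
const MANAGEABLE: Partial<Record<Role, readonly Role[]>> = {
  LOCAL_SYSTEM_ADMIN: LOCAL,
  NATIONAL_SYSTEM_ADMIN: LOCAL.concat(NATIONAL)
}

// Feeds the "Create new user" role dropdown. This alone is cosmetic.
function assignableRoles(actor: User): readonly Role[] {
  return MANAGEABLE[actor.role] || []
}

// Server-side decision, evaluated for every mutation regardless of the UI.
function authorize(actor: User, action: Action): boolean {
  const allowed = assignableRoles(actor)
  const can = (r: Role): boolean => allowed.indexOf(r) !== -1
  // Assumed scoping rule: a local admin only acts inside their own office.
  const inScope = (officeId: string): boolean =>
    actor.role !== 'LOCAL_SYSTEM_ADMIN' || officeId === actor.officeId
  switch (action.kind) {
    case 'create':
      return can(action.newRole) && inScope(action.officeId)
    case 'update':
      // Both the target's current role and the requested role must be in reach.
      return can(action.target.role) && can(action.newRole) &&
        inScope(action.target.officeId)
    case 'deactivate':
      // Sharing an office does not grant authority over a higher role,
      // and nobody deactivates their own account.
      return action.target.id !== actor.id && can(action.target.role) &&
        inScope(action.target.officeId)
  }
}
```
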
@euanmillar
Collaborator

@onnee04 @rikukissa @eduffus we have discussed this in the IET team. As the concept of a Local System Admin and a National System Admin is going to be deprecated in Custom Users & Scopes, we feel that the effort involved to fix this particular bug related to a Local System Admin being unable to read the role titles for a National Registrar, National System Admin in 1.6.1 is not worth resolving. It is our view that this is acceptable as a known issue: #7698 (comment)

@euanmillar euanmillar moved this from Ready to build to Ready for QA in OpenCRVS Core Dec 6, 2024
@eduffus
Collaborator

eduffus commented Dec 6, 2024

Setting to "Closed as not planned - won't fix" as above

@eduffus eduffus closed this as not planned Dec 6, 2024
@github-project-automation github-project-automation bot moved this from Ready for QA to Completed in OpenCRVS Core Dec 6, 2024