In User Audit page system admin action links are enabled for registrar #8571

Open
tiri39 opened this issue Feb 4, 2025 · 7 comments
tiri39 commented Feb 4, 2025

Bug description:
A registrar can click the system admin actions such as created user / edited user / reactivated user / deactivated user from the history section of the user audit page.

Steps to reproduce:

  1. Log in as a registrar.
  2. Navigate to the Team page.
  3. Navigate to the user audit page of any local system admin / national system admin.
  4. Click on the system admin actions (created user / edited user / reactivated user / deactivated).

Actual result:
System admin action links are enabled for registrar.

Expected result:
System admin actions should be disabled for registrar.

Screenshot/Recording:

Farajaland.CRS.-.Google.Chrome.2025-02-04.18-45-03.mp4

Tested on:
https://register.farajaland-qa.opencrvs.org/

Version:
v1.7.0

@tiri39 tiri39 added the Bug label Feb 4, 2025
@tiri39 tiri39 added this to the v.1.7.0 milestone Feb 4, 2025
@github-project-automation github-project-automation bot moved this to Backlog in OpenCRVS Core Feb 4, 2025
@tiri39 tiri39 moved this from Backlog to Ready to build in OpenCRVS Core Feb 4, 2025
@Zangetsu101

@jpye-finch I don't think we have any separate scope for this now, do we? Like, if you have user:read scope you can view all the actions, right?

@Zangetsu101

Or would these actions fall under user:create / user:edit scopes perhaps?

@jpye-finch

@Zangetsu101

Just to make sure,

user.read:all -> This scope allows a user to view any user's audit page

So this only includes record related audits and not the account related ones?

jpye-finch commented Feb 12, 2025

If a user can view a user profile page, then they can see all audit history items.

We can add more granular scopes later if required.

@Zangetsu101

@tiri39 I'll be moving this to ready for QA

@Zangetsu101 Zangetsu101 moved this from Ready to build to Ready for QA in OpenCRVS Core Feb 14, 2025
@makelicious makelicious moved this to Ready for QA in OpenCRVS Core Feb 19, 2025
tiri39 commented Feb 24, 2025

Marking this as Completed, as the defined scope for Local registrar (a user having the scope to view the user audit page can see all audit history items) is working as expected.

Farajaland.CRS.-.Google.Chrome.2025-02-24.14-02-17.mp4

@tiri39 tiri39 moved this from Ready for QA to Completed in OpenCRVS Core Feb 24, 2025