AFG-Polio-Data / APMIS-Project

APMIS (Afghanistan Polio Management Information System) is a supplemental Immunization Activities management system to manage the vaccination activities in the country.
https://test.afghanistan-apmis.com
GNU General Public License v3.0

User without bulk action delete permissions can see delete button #701

Closed bnygren closed 4 weeks ago

bnygren commented 1 month ago

Users with roles that do not have permission to make bulk edits are able to see the 'Enter Bulk Edit Mode' button, and when clicked they can see bulk actions like 'Delete'. They can then go through with deleting a record and receive a pop-up message saying the record was deleted. However, since their user role is not permitted to delete records, the record isn't actually deleted/archived.

This leads to some confusion among data managers who think they have deleted a record, when the record has not been deleted. They should not be able to see the 'Bulk Edit' actions that they do not have permission for, and if they don't have permissions for any actions they should not see the 'Bulk Edit' option at all.

bnygren commented 4 weeks ago

I'm trying to close this issue, but not sure which user types were the ones who could see the bulk button but should not have (i.e., what user type should I check for this). If someone can comment that would help here. Thanks.

Eutit5 commented 4 weeks ago

@DevSeg please respond to the comment above. Thanks

DevSeg commented 4 weeks ago

Hi @bnygren, only users with the "Admin" Userrole should be able to see the bulk edit button and carry out bulk actions such as "Delete". Meanwhile, only WHO users who are "Admin" and "Publish User" can see the "Publish and Verify Buttons".

bnygren commented 4 weeks ago

Thanks @DevSeg @Eutit5
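
An added example, not part of the thread and not APMIS code: one way to avoid the mismatch reported above is to derive button visibility and the server-side check from the same role-to-action map, and to return the real outcome of the delete instead of an unconditional success message. The `Viewer` role, the function names and the record ids are assumptions made for illustration.

```javascript
// Added example (not APMIS code). Only "Admin" and "Delete" come from the
// thread; the "Viewer" role and all function names are hypothetical.
const BULK_PERMISSIONS = new Map([
  ["Admin", ["Delete"]], // per the thread: only Admin may run bulk actions
  ["Viewer", []],        // hypothetical role with no bulk permissions
]);

// Single source of truth for UI and server. Unknown roles get nothing.
function allowedBulkActions(role) {
  return BULK_PERMISSIONS.get(role) ?? [];
}

// UI side: no permitted actions means the bulk edit button is not rendered,
// and only permitted actions are listed when it is.
function bulkEditUi(role) {
  const actions = allowedBulkActions(role);
  return { showBulkEditButton: actions.length > 0, actions };
}

// Server side: enforce the same rule and report what actually happened, so
// the client cannot show "deleted" for a request that was refused.
function bulkDelete(role, ids, store) {
  if (!allowedBulkActions(role).includes("Delete")) {
    return { ok: false, deleted: [], message: "Not permitted: bulk Delete" };
  }
  const deleted = ids.filter((id) => store.delete(id));
  return { ok: true, deleted, message: `Deleted ${deleted.length} record(s)` };
}

// Constructed sample data.
const records = new Set(["rec-1", "rec-2", "rec-3"]);
const denied = bulkDelete("Viewer", ["rec-1"], records);
const granted = bulkDelete("Admin", ["rec-1", "rec-2"], records);
console.log(bulkEditUi("Viewer"), denied.message, granted.message, [...records]);
```

The pop-up text should come from the `message` and `ok` fields of the server response, so a refused request is shown as refused.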