HHS / OPRE-OPS

ACF's OPRE OPS product. Code name Unicorn.

🐛 Non-Agreement team members are able to create a budget line #2725

Open fpigeonjr opened 2 weeks ago

fpigeonjr commented 2 weeks ago

Non-Agreement team members are able to create a budget line

Expected Behavior

Non-Agreement team members should be blocked from creating budget lines in the system.

Current Behavior

Non-Agreement team members are currently able to create budget lines, which should be restricted to Agreement team members only.

Possible Cause

The backend may not be properly checking user roles or permissions before allowing budget line creation.

Steps to Reproduce

1. Log in as a non-Agreement team member
2. Navigate to the create-budget-line workflow
3. Attempt to create a new budget line for an agreement of which you are not a member
4. Observe that the system allows the creation of the budget line

  1. Test via API calls, since the create-budget-line workflow has been removed from the FE

Context

This issue affects the integrity of our budget management system. It could lead to unauthorized budget entries and potential financial discrepancies. The issue was observed in the localdev environment of OPS.

See also #2789

Detailed Description

The system needs to implement a backend check to verify that the user attempting to create a budget line belongs to the Agreement team. This check should occur before any budget line creation is processed. If the user is not part of the Agreement team, the system should reject the attempt and return an appropriate error message.

Possible Implementation

  1. Implement a middleware function that checks the user's role before allowing access to budget line creation endpoints.
  2. Add a permission check in the budget line creation service that verifies the user's team membership.
  3. Update the database schema to include a role-based access control system for budget-related operations.
  4. Ensure that all frontend requests for budget line creation include the user's role information for backend validation.
  5. Update tests copiously!
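One way to implement the backend check described above, as an added example that is not OPRE-OPS code. The model names (User, Agreement, BudgetLine), the role name "SUPER_USER", the `handle_post_budget_line` handler and the fixture data are all assumptions of the example. It shows the membership check being derived from the server-side agreement record and run in the service layer before any state changes, and a simulated request whose body claims team membership still being refused.

```python
"""
Added example of a server-side team-membership check for budget line creation.
This is illustrative code, not from the OPRE-OPS repository: the model names
(User, Agreement, BudgetLine), the role name "SUPER_USER", and the handler
shape are assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


class Forbidden(Exception):
    """The authenticated user is not allowed to perform this action."""


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset = frozenset()


@dataclass
class Agreement:
    id: int
    project_officer_id: Optional[int]
    team_member_ids: Set[int] = field(default_factory=set)
    budget_lines: List["BudgetLine"] = field(default_factory=list)


@dataclass(frozen=True)
class BudgetLine:
    id: int
    agreement_id: int
    amount: float
    created_by: int


def is_agreement_team_member(user: User, agreement: Agreement) -> bool:
    """Membership is read from the server-side agreement record: the project
    officer plus the listed team members. Nothing from the request body is used."""
    return user.id == agreement.project_officer_id or user.id in agreement.team_member_ids


def can_create_budget_line(user: User, agreement: Agreement) -> bool:
    # Assumed privileged role that bypasses the team check (an assumption of this example).
    if "SUPER_USER" in user.roles:
        return True
    return is_agreement_team_member(user, agreement)


def create_budget_line(actor: User, agreement: Agreement, amount: float) -> BudgetLine:
    """Service-layer entry point. The permission check runs before any state changes."""
    if not can_create_budget_line(actor, agreement):
        raise Forbidden(f"user {actor.id} is not on the team for agreement {agreement.id}")
    line = BudgetLine(
        id=len(agreement.budget_lines) + 1,
        agreement_id=agreement.id,
        amount=amount,
        created_by=actor.id,
    )
    agreement.budget_lines.append(line)
    return line


def handle_post_budget_line(session_user: User, payload: dict, agreements: Dict[int, Agreement]) -> dict:
    """Simulated API handler. The acting user comes from the authenticated
    session; the payload supplies only the agreement id and amount. Any
    role or membership claim the client puts in the body is ignored."""
    agreement = agreements.get(payload.get("agreement_id"))
    if agreement is None:
        return {"status": 404, "error": "agreement not found"}
    try:
        line = create_budget_line(session_user, agreement, float(payload["amount"]))
    except Forbidden as exc:
        return {"status": 403, "error": str(exc)}
    return {"status": 201, "budget_line_id": line.id, "agreement_id": line.agreement_id}


def sample_data():
    """Constructed fixture: two agreements and four users (not real OPS data)."""
    users = {
        "officer": User(id=1),
        "member": User(id=2),
        "outsider": User(id=3),
        "admin": User(id=4, roles=frozenset({"SUPER_USER"})),
    }
    agreements = {
        10: Agreement(id=10, project_officer_id=1, team_member_ids={2}),
        11: Agreement(id=11, project_officer_id=None, team_member_ids={3}),
    }
    return users, agreements


if __name__ == "__main__":
    users, agreements = sample_data()
    # The outsider claims membership in the body; the server still refuses.
    forged = {"agreement_id": 10, "amount": 500.0, "is_team_member": True}
    print(handle_post_budget_line(users["outsider"], forged, agreements))  # status 403
    print(handle_post_budget_line(users["member"], {"agreement_id": 10, "amount": 500.0}, agreements))  # status 201
```

The point of the handler shape is that the only identity input to the check is the session user established by the backend's own authentication; the client never gets to assert its own role, so removing the workflow from the frontend (as the comments below note) does not close the hole, only the service-layer check does.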
fpigeonjr commented 2 weeks ago

Frontend fix here https://github.com/HHS/OPRE-OPS/pull/2700

fpigeonjr commented 2 days ago

The create-budget-line workflow has been removed, so it may be best to test via API calls.