Users > Add user rights to view archived entities

[Candice-Louw]

Feature Description

As a manager/admin in SORMAS I would like to archive certain entities which will result in certain users (which do not have the right to view archived entities) not being able to see these archived entities anymore.

Added Value/Benefit

This ensures more fine-grained data access (data protection) and ensures that accidental work is not performed on archived entities.

Acceptance Criteria

• [x] New user right "View Archived X" visible in user rights list (at all affected entities) next to or underneath the "Archive X" entry
• [x] If "View Archived X" is not assigned to a user, the user should not be able to view the entity in single dearchiving, bulk dearchiving or by accessing the URL of the entity directly ( example Eventgroup, Case, Contact, Immunizations, Events, Event participants, Event groups, travel entries, environments, campaigns dearchiving/viewing) The above mentioned criteria should be applied to the following entities:
• [x] Event group
• [x] Case
• [x] Contact
• [x] Immunizations
• [x] Events
• [x] Event participants
• [x] Travel entries
• [x] Environment
• [x] Campaigns

• [x] A user can be assigned this right within existing and new roles
• [x] A user role without this right assigned to it is not able to see archived entities (even if they did the archiving themself)

Implementation Details

No response

Mockups

No response

Additional Information

Introduce a new user right, "View Archived X" to each entity in SORMAS with each current "Archive X" right.

This includes:

• [x] Tasks > +View Archived Tasks

• [x] Case Surveillance > +View Archived Cases

• [x] Contact Surveillance > +View Archived Contacts

• [x] Events > +View Archived Events

• [x] Events > +View Archived Event Participants

• [x] Events > +View Archived Event Groups

• [x] Immunization > +View Archived Immunizations

• [x] Travel Entries > +View Archived Travel Entries

• [x] Campaigns > +View Archived Campaigns

• [ ] Campaigns > +View Archived Campaigns Form Data (only the CAMPAIGN_FORM_DATA_VIEW_ARCHIVED right will be added, the missing functionalities will be implemented here: https://github.com/SORMAS-Foundation/SORMAS-Project/issues/13089)

• [x] Environments > +View Archived Environments

• [x] Infrastructure > +View Archived Infrastructure Data

The right to view archived entities should be Independent of the right to archive entities. This means that a person could have the right to archive an entity and at the same time is not allowed to see archived entities.

• [x] The default user roles which have "Archive X" right will have also "View Archived X" right too.

• [x] Add migration script (sormas_schema.sql) -> every user that currently has the "Archive X" right will be granted the "View Archive X" right as well. After that it needs to be changed through the UI.

• [x] The default roles which have ARCHIVE_X right will have VIEW_ARCHIVE_X right too.

[carina29]

Hello @Candice-Louw :) @markusmann-vg I have some questions related to the requirements from this ticket.

I've set a dependency between "Archive X" and "View Archived X". This would mean that "View archived X " will be automatically selected when "Archive X" is selected but this also means that when "View archived X" will be deselected the user will be prompted with a message that another right ("Archive X") is dependent on that right and the save will not be possible.

I can change the validation message to ignore all the VIEW_ARCHIVED_X rights when is checking the missing rights but in this way we would not be consistent with the overall dependent rights we have in Sormas. (when a right is checked by default because is depending on another right the unchecking of the right is prevented with a validation message)

Continuing on this flow, should also be considered some changes related to the Dearchiving ( single and bulk mode) and the filtering of the entities shown in the grid.

Till now for archiving and dearchiving only the ARCHIVE_X right was necessary. If we'll have the logic of 2 separate rights ( Archive X and View Archived X) the Dearchive should depend on both rights: Archive X and View Archived X both on single mode and in bulk mode. In single mode:

In bulk mode:

If the user will not have View archived X right, should not be able to see in the filter the Archived entities and select these entities and also the De-archive bulk actions will not be present:

How should we proceed with the above mentioned questions? :)

Note: Another idea we've discussed with the team is to consider who archived the ticket when we think on VIEW_ARCHIVE_X rights and the archiving user should have the right by default and maybe other users not ( but this implementation would need some investigation).

[SORMAS-JanBoehme]

Hi @carina29 Thanks for starting the implementation and the questions for clarification.

If there is an issue with the dependency between "Archive X" and "View Archived X" when deselecting one, please drop the requirement that both are selected at the same time when selecting "Archive X" and remove the dependency. Having the system work coherently in all cases is more important in my opinion than saving one click when setting up user roles.

Regarding the second part: I do not think it is neccessary to make the act of de-archiving dependant on having both rights. Although, at the end of the day, it will be, at least implicitly.

The way it should work is:

You have the right to Archive --> You can see and click the button "Archive" on an entity and see and use the bulk action to archive entitied but not use the filter option for "Archived X" in the dropdown. So, effectively you could de-archive things, but you can not reach the button to do it.

You have the right to View Archived Entitites --> You can see and use the filter for "Archived X" but can not see and use the button "De-Archive" or see and use the bulk action to de-archive.

You have both rights --> As above, so you are able to see archived entitites through the "View Archived X" right and as you are able to reach the button that triggers de-archiving or the bulk action you can also use this functionality.

Please do not add any implicit rights to view archived entitites based on who archived them. The fact that after someone without the right to see archived entitites can no longer access them is by design, to be in line with data privacy regulations.

If you have further questions or comments, please let me know.

[carina29]

Hi @SORMAS-JanBoehme :) ,

Thank you for the clarifications. :)

If I'll drop the initial dependencies between ARCHIVED and VIEW_ARCHIVED rights, for future changes the VIEW_ARCHIVED will be not automatically selected when ARCHIVED is selected as we agreed.

Related to the users we currently have in system, should we preserve this part , by adding a migration script to sormas_schema which will add to all the existent user roles with ARCHIVED rights the VIEW _ARCHIVED right too (with the possibility to be changed in the future from the UI) ? Or leave it without a migration script and let the users decide from the UI.

Related to the parts where you've explained how should archive/dearchive work, I've added some screenshots:

1)"You have the right to Archive --> You can see and click the button "Archive" on an entity and see and use the bulk action to archive entities but not use the filter option for "Archived X" in the dropdown. So, effectively you could de-archive things, but you can not reach the button to do it."

->If the user will have only the ARCHIVE right (without VIEW_ARCHIVED right) The application will look like this:

If an entity is archived from single mode in this scenario will not be displayed in the grid but based on the URL can be still opened and dearchived so in this case the Dearchive button should appear when the user has both ARCHIVE and VIEW_ARCHIVED rights.

2)"You have the right to View Archived Entitites --> You can see and use the filter for "Archived X" but can not see and use the button "De-Archive" or see and use the bulk action to de-archive."

->if the user will have only the VIEW_ARCHIVED right (without ARCHIVED right) The application will look like this:

3)"You have both rights" -> everything is clear here

Thank you very much, @SORMAS-JanBoehme ! :)

[SORMAS-JanBoehme]

Hi @carina29, _If I'll drop the initial dependencies between ARCHIVED and VIEW_ARCHIVED rights, for future changes the VIEWARCHIVED will be not automatically selected when ARCHIVED is selected as we agreed. Yes, that is fine. The other implications you described sound more severe than dropping this requirement and having to click twice instead of once. :-)

_Related to the users we currently have in system, should we preserve this part , by adding a migration script to sormas_schema which will add to all the existent user roles with ARCHIVED rights the VIEW ARCHIVED right too (with the possibility to be changed in the future from the UI)?

yes, please provide a migration script so that every user that currently has the "Archive X" right will be granted the "View Archive X" right as well. After that it needs to be changed through the UI.

_->If the user will have only the ARCHIVE right (without VIEWARCHIVED right) The application will look like this: Yes, that's correct.

_If an entity is archived from single mode in this scenario will not be displayed in the grid but based on the URL can be still opened and dearchived so in this case the Dearchive button should appear when the user has both ARCHIVE and VIEWARCHIVED rights. Good Point, but theoretically the user should not be able to view the entity at all, even if they are using a direct URL if the entity is archived and they do not have the "View archived X" right. Otherwise they would be able to bypass this restriction. Just removing the button would not help. Access to archived entitites should be blocked, even when using a direct URL. This case was missing in the initial description. Good catch!

_->if the user will have only the VIEWARCHIVED right (without ARCHIVED right) The application will look like this: Yes, that's correct.

[carina29]

For Campaign Form Data there are missing functionalities and inconsistencies which will be implemented in this ticket: https://github.com/SORMAS-Foundation/SORMAS-Project/issues/13089. In the current ticket only the user right CAMPAIGN_FORM_DATA_VIEW_ARCHIVED will be added.

[richardbartha]

Tested on web local setup version 1.97.0-SNAPSHOT (9655678).