search

SparkDevNetwork / Rock

An open source CMS, Relationship Management System (RMS) and Church Management System (ChMS) all rolled into one.
http://www.rockrms.com
563 stars 345 forks source link

Person Signal Badge not Adhering to Signal Permissions #5914

Closed jdwrhodes closed 2 weeks ago

jdwrhodes commented 2 weeks ago

Description

Person Signals in the Top Person Signal Badge does not respect security.

Actual Behavior

Even when a Signal Type has security enabled. The badge still displays the Signal Type to any user.

Expected Behavior

We would have expected that the Signal Type security would have been respected in the badge and limited to those with access to the signal type.

Steps to Reproduce

Steps to Reproduce

  1. Create a new Signal Type https://rock.rocksolidchurchdemo.com/admin/security/signals
  2. Assign Security access to only Rock Admins.
  3. Add the new Signal to a person record.
  4. Sign in as Ted Decker (Non - Admin)
  5. Navigate to the record with the new signal.
  6. You will see the badge with the secured signal type present.

Issue Confirmation

Rock Version

16.4

Client Culture Setting

en-US

kfrazier13 commented 2 weeks ago

I ran into the same issue when I created signals in our instance (I believe we were on 15.1 at the time). I ended up having to secure the badge type so it would not show for everyone.

chead4 commented 2 weeks ago

@jdwrhodes Hi Joshua - Thank you for submitting your first issue.

After reviewing, this is the intended functionality of the security settings for the Person Signal Type. The security settings, for the “View” verb, controls a logged in person's ability to View the Security tab and not the Person Signal Type icon that appears on the badge. Therefore, in order to view the Person Signal Type notes, a logged in person must have access to the Security tab.

The Person Signal Type is meant as a discreet flag to bring attention to a matter or a means to prompt someone to further action, or a quick visual queue. It is best to use general names for signal types.

Next Steps: This issue will be closed and I will follow up internally to have the documentation updated for the Person Signal Types Security settings as it is not clear on the functionality.

jdwrhodes commented 2 weeks ago

@chead4 Gotcha. Thank you!

kfrazier13 commented 2 weeks ago

@chead4 Thank you for that clarification on how this feature is supposed to work!