Urgent Management Dashboard BUG! Make sure adding a team member ONLY gives them provider access to the study they were added to

[danicahelb]

We found a bug with the Management Dashboard system. To recreate it:

1. go to the Management Dashboard of any study (we used Jilinde Costing Study of PrEP in Kenya) and click on the + Add Team Members button
2. add an email address that is NOT currently associated with a VEuPathDB account (we used clinepidbtests@hotmail.com)
3. the new team member gets an email that looks like this, and copies/pastes the link in their browser
4. the link take the new team member to the account creation page, where they register the email address to a VEuPathDB account
5. This new VEuPathDB account is now given STAFF privileges to ALL studies!!! (ie, Jilinde Costing Study of PrEP in Kenya, and also all other studies!) -- see user ID for Danica clinepitests Helb (220902410)

This needs to be fixed urgently as the Management Dashboard has been handed off to providers, and any provider can now add a new team member via the process described above

To do:

• [ ] Please make sure that the new team member is added to the list of Study team members and NOT to the list of VEuPathDB staff
• [ ] Also, please make sure that the new team member is ONLY added to the dashboard of the study they were originally added to
• [ ] It would be great if this fix could be patched into the live site ASAP, instead of waiting until the April release

Thanks!

[danicahelb]

This was not a bug.

If you are signed into your VEuPathDB account and open the link to register a new account in the same browser, then you end up editing your existing VEuPathDB account information.

In this case, I was logged in with my VEuPathDB account registered to dhelb@sas.upenn.edu. Using the registration link, I modified my account information to clinepitests@hotmail.com but the user ID (220902410) associated with it was still for my staff account.

closing ticket