alan-turing-institute / AssurancePlatform

Project to facilitate creation of Assurance Cases
MIT License

[BUG] Reviewer role cannot add comments to an assurance case #627

Open chrisdburr opened 1 day ago

chrisdburr commented 1 day ago

Just tested the new comments feature for individual elements, which is part of #437.

All good in terms of the UI, but the 'Reviewer' role is not able to add comments to an assurance case that has been shared with them. They can view them, but not add their own.

A reviewer should be able to add global and local (i.e. per element) comments.

- 'Editor' role can read and add ✅
- 'Viewer' role can only read ✅

RichGriff commented 1 day ago

@chrisdburr the editor can make changes as I tested this, however I forgot about the reviewer role. So will put in the check for this role as well as edit.

RichGriff commented 22 hours ago

I have had to rework the assurance case comments part to match what we are doing with element comments. This is due to a conflict with the websocket stuff.

@cptanalatriste @chrisdburr - it seems that a user cannot delete or update a comment that they did not add, is this the intended use case?

If so, we'll need to find a suitable way to handle this error, as there isn't a way to identify the logged in user against a comment in the feed to prevent them having these options.

cptanalatriste commented 10 hours ago

Hi @RichGriff, I did add the logic that only the author of the comment can modify or delete it. @chrisdburr, is this the intended behaviour?

Also, when retrieving comments from the API each comment includes its author, so I imagine it is possible to compare whether it matches the user currently logged in. Do you need anything else to implement the feature?

RichGriff commented 9 hours ago

We do get the logged in user but this is for other purposes and we don't store the user.

I'll take a look at storing this user in the state instead and then hopefully can check that when rendering comments.

Will check if username and author are equal.

RichGriff commented 9 hours ago

For some reason I couldn't get the user stored in the state, however I have managed to fetch the current user and do a check to see if they can edit the comment.

This fix is now in develop and should be available in staging shortly.

@chrisdburr ready for you to review.
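
An added sketch, not part of the thread and not the AssurancePlatform's own code, of the check discussed above: role-gated commenting as reported in the issue, and author-only update/delete decided by comparing the logged-in username to each comment's author. The field names (`username`, `author`, `id`), the lowercase role keys and the function names are assumptions.

```javascript
// Role names and their comment rights are taken from the issue; the field
// names (username, author, id) are assumptions for this sketch.
const ROLE_ACTIONS = new Map([
  ["viewer", new Set(["read"])],
  ["reviewer", new Set(["read", "add"])],
  ["editor", new Set(["read", "add"])],
]);

// Exact string match on usernames; missing or empty values never match.
function isAuthor(user, comment) {
  return Boolean(user && comment) &&
    typeof user.username === "string" && user.username.length > 0 &&
    user.username === comment.author;
}

// Single decision function: unknown roles and unknown actions are denied.
function canPerform(user, role, action, comment) {
  const allowed = ROLE_ACTIONS.get(role);
  if (!user || !allowed) return false;
  if (action === "update" || action === "delete") {
    return isAuthor(user, comment); // author-only, as described in the thread
  }
  return allowed.has(action);
}

// Client side: decide which controls to render for each comment in the feed.
function annotateFeed(comments, user, role) {
  return comments.map((c) => ({
    ...c,
    canEdit: canPerform(user, role, "update", c),
    canDelete: canPerform(user, role, "delete", c),
  }));
}

// Constructed sample data.
const feed = [
  { id: 1, author: "alice", content: "Is this evidence current?" },
  { id: 2, author: "bob", content: "Goal G1 needs more context." },
];
const bob = { username: "bob" };

function demo() {
  return {
    reviewerCanAdd: canPerform(bob, "reviewer", "add"),
    viewerCanAdd: canPerform(bob, "viewer", "add"),
    flags: annotateFeed(feed, bob, "reviewer").map((c) => [c.id, c.canEdit]),
  };
}
console.log(JSON.stringify(demo()));
```

Hiding the edit and delete controls in the feed only shapes the UI; the API has to make the same decision on every update or delete request, which the thread says it already does for authorship.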