search

bcgov / MFIN-Data-Catalogue

The Finance Data Catalogue enables users to discover data holdings at the BC Ministry of Finance and offers information and functionality that benefits consumers of data for business purposes. The product is built using Drupal and adheres to the Government of BC's Core Administrative and Descriptive etadata Standard.
Other
6 stars 0 forks source link

strange User Management behaviour in Dev and Test environments #565

Open NicoledeGreef opened 1 month ago

NicoledeGreef commented 1 month ago

Describe the bug

In Dev or Test environments, when a Catalogue admin user adjusts permissions for another user, upon saving, the checkboxes all uncheck and Catalogue admin user loses their Catalogue admin role.

To reproduce

Steps to reproduce the behaviour:

  1. in Dev or Test, as an IDIR account with the Catalogue admin user role already, access the "People" tab
  2. Search for a user whose roles you want to adjust
  3. Click "Edit" for the user
  4. Access the "Roles" tab
  5. check the Catalogue admin user role
  6. click Save

Expected behaviour

Upon Save there should be a confirmation:

Status message The roles have been updated.

and the checkboxes applied prior to Save should persist. The user that made the Save should not lose their roles.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

One other strange thing I noticed in Dev or Test was that even though David's First Name and Last Name had been added some time ago, his account is still showing up as:

Fong, David FIN:EX

whereas in Prod it displays as expected: image

NicoledeGreef commented 1 month ago

In preliminary discussion when this was discovered, @danhgov noted that the Roles are visible in the Edit profile tab for Drupal admin user among many other things, whereas "Catalogue admin" users only see First name, Last name and Organization on the "Edit profile" tab. The "Roles" tab seems to have been set up specifically for "Catalogue admin" users so that they don't see all the extra stuff and perhaps there is an issue with that view?

NicoledeGreef commented 1 month ago

If I use an Incognito browser and log in, it appears I still have the Data catalogue administrator role. I cleared my browser cache in my regular browser window and re-logged in and then I was able to see that I still had the Data catalogue administrator role.

I tried adjusting another user's permissions; they were a Catalogue user, I tried to make them an Catalogue editor. When I click "Save" unfortunately the checkboxes all uncheck. If I move around and come back to that screen the user still has no roles applied.

25-OCT-2024: tried this again today and it's still an issue for me. I tried adjusting roles for a couple of non-active users and all checkboxes were cleared; e.g.: https://test.cat.data.fin.gov.bc.ca/user/23/edit?destination=/admin/people https://test.cat.data.fin.gov.bc.ca/user/32/edit?destination=/admin/people

david-fong-bc commented 1 month ago

I'm seeing another issue in my experimentation with the JSON API module which might be related. I can successfully make authenticated requests with the PTB API user in the DEV environment, but in the TEST environment, I get 401 Unauthorized, with a detail message saying "No authentication credentials provided", even though when I inspect the request headers being sent, I can see that my Authorization header is there. The same Authorization header was successfully authenticating my API requests at the end of last week. I asked Mike S. if he had any experience with such an issue before but he didn't, and suggested reaching out to devs / app ops.

I stopped being able to reproduce that issue at the end of the same day, and I unfortunately wasn't able to understand why it happened or how it stopped happening, but if it happens again, I'll try again to understand it.

danhgov commented 4 weeks ago

@david-fong-bc just found us a couple of great leads for fixing this:

chrislaick commented 1 day ago

I was able to reproduce the issue with one additional observation. Just saving the Roles tab form clears out all permissions on the user. You don't have to check/uncheck roles. Currently investigating.

chrislaick commented 1 day ago

PR: https://github.com/bcgov/MFIN-Data-Catalogue/pull/569

This issue has been fixed and is currently working in DEV and TEST. Moving to Ready for QA.

NicoledeGreef commented 15 hours ago

@chrislaick - I am not experiencing this fix in Dev and Test. I tried Incognito with Cache disabled and the issue persists.

Image