wk1 2024_apr_epic MTL 3.7 Release: Bug in Sim UI TEST: Data file access is unlimited, but should only be site-specific access for field users

[ljmoody]

1. Description: Users, except for administrator, should not be able to see all the existing data files in the Sim UI. We do not want users to be able to access and view every single data file from other people and clinical teams uploaded in the Sim UI. Users can see data files based on the group (_team, _ind, _shared) they are assigned or added to.

They should just see the data files they: A) choose to upload, using the Upload button; and

Further info - archived communication about bug:

2/21/24 via Tejas: We are doing POC (proof of concept).

• POC1: We basically trying to explore by appending encrypted user key in epicenter data file name & checking it is not breaking any functionality in SIM UI.
• POC2: If POC1 not work well, will be looking for approach as mentioned in video recently shared based on conversation happened between James & David. We will look for solutions based on directory structure.

1/3/24 via Tejas: We have just begun to look into this requirement. We need to explore Vault API underlying functionalities & its implementation for our problem. Expecting series of communications with David (Epicenter) for this matter. Will keep you informed of any developments.

12/6/23 via Tejas: Actually, we were looking for API which retrieve list of data files uploaded by self registered user & based on results we can differentiate file uploaded by self registered user or administrator_login user. Current API response details is not enough so we contacted David for the same & received response as below:

"The project file system is, unsurprisingly, backed by a file system. The owner of that file system is necessarily the entity executing file operations, which is epicenter. Neither your users nor anyone else’s holds an actual user account as far as the file system is concerned, so we have no way to provide that information. However, if you’re making the api calls, I would guess you do, and could keep a history, or shadow file information. You would need a convenient data storage system for that kind of information. We do provide the vault api for just this sort of usage. It is a storage system for loosely structured data of your choosing (actually a json store, actually backed by mongodb). The vault api…

https://forio.com/api/v3/account/project/encyclopedia/as/asciidoc_to_html/v3/vault

…can be complex, but utilizes the same building blocks as the rest of the v3 api, such as scope and permit. Proper usage takes some thought and planning, as does the proper usage of any data store, towards capabilities and long term data evolution. "

So, at this moment we (Ask EHS Team) are unsure about efforts & possible solution however we can give a try when time permits.

12/1/23 via Tejas: It required to investigate functionality & possibility to filter records based on self registered users. Need to find API support this.

[ljmoody]

3/1/24 update from Tejas:

• Users, except for administrator, should not be able to see all the existing data files in the Sim UI - Working on POC. As per Wallet API Documentation shared by David, we have successfully ran POST & Get method to acquire a knowledge of it. In this regard have sent an email to David for his inputs further how to interact with Epicenter folders (Group).

[jamesmrollins]

3/10 Sim UI Stand UP

1. @tejaspesquare demonstrated the fix in the va-pad-dev instance.
2. The DEV team will promote the fix to Test-Slow
3. US Team will test this week.

[tejaspesquare]

@jamesmrollins , @ljmoody & @lijenn - Code is promoted on TEST-Slow. Please verify at your end.

[ljmoody]

@tejaspesquare, Jenn and I still see the list of all the team data files in the Team Data blue bar. Changing teams, we can still see the data file(s) for other teams:

[tejaspesquare]

@jamesmrollins , @ljmoody , @lijenn - As per standup meeting 03/14 we have made changes & file will be accessible to user who is a member of a particular group.

Facilitator User-

Epicenter Files - _A - admin loaded file, _U2 - Participant uploaded one

Group Member -

[ljmoody]

Jenn & Laura will test 3091 this week!

[ljmoody]

@tejaspesquare, Jenn and I tested today:

1. Laura was unable to see the teams that Jenn created from self-registration (when Laura is logged in as administrator)

2. Data file/s would not upload via the Administrator Dashboard (for both of us), but they would upload via the Dynamic Decision Dashboard:

3. After uploading and pressing Go! we saw some very strange numbers populating the DDD. We will discuss this with @lzim today at Sim_UI (to see if these were the results she was also getting):

[lzim]

Discussed at wk2 2024_mar_epic - Below is the "crunchy_grass" file in PROD @lzim @ljmoody @jamesmrollins @lijenn

[jamesmrollins]

3/20 Stand UP

• Item 1 above is managed in #3080
• @tejaspesquare will check out API communications and variable return values (they are not appearing in the Inspect Console).
• @tejasquare to troubleshoot and test that files are uploading in all the places they can be uploaded (dynamic dashboard and Administrator Dashboard).

[tejaspesquare]

@jamesmrollins - API communications and variable return values. You can check now on TEST-Slow

Keywords to get variable specific to model run_CC run_MM run_PSY run_TeamCare run_TeamFlow

On Runner Screen

[ljmoody]

@tejaspesquare - Jenn and I tested (in both Edge and Chrome browsers) and this is not functioning correctly:

[tejaspesquare]

@ljmoody , @lijenn - It is working fine. we have verified with Jennifer's credentials (on TEST-Slow). Please verify at your end. Note: We have not made any changes.

[jamesmrollins]

3/25 Stand Up

• @ljmoody and @lijenn will test this week.

[ljmoody]

@tejaspesquare - when a data file is added for a team:

We think it should also show up in this area too, correct?:

...but it is not.

[lijenn]

Discussed at Stand Up 3/31/24:

• [x] @tejaspesquare will confirm to see if data file uploads from Settings in Administrator Dashboard.

[tejaspesquare]

@lijenn - Issue is resolved & test results are uploaded. Kindly refer #3139 & (related fix) #3141. Thank You!

[lijenn]

@tejaspesquare I believe this is bug has been resolved, but we will need to make sure Team Data Files uploaded or deleted in Shared Worlds are also reflected in Team World and vice versa (Team Data Files uploaded or deleted in Team World is reflected in the Shared World) based on this decision in #2997.