medic / cht-core

The CHT Core Framework makes it faster to build responsive, offline-first digital health apps that equip health workers to provide better care in their communities. It is a central resource of the Community Health Toolkit.
https://communityhealthtoolkit.org
GNU Affero General Public License v3.0

Changing a role from being "online" to "offline" does not also change behavior of existing users having this role #8668

Open dianabarsan opened 10 months ago

dianabarsan commented 10 months ago

Describe the bug

Users can have a specific role flag mm-online, which determines whether they are online or offline users. This role is added or removed when the user is created or edited, depending on the list of roles that is provided for them. If a user is assigned to a role that is online, they will also be assigned this mm-online role. If the user's primary role is later changed from being online to offline, any user that has this role will still be treated as online, because of the mm-online flag.

To Reproduce

Steps to reproduce the behavior:

  1. Create a new online role.
  2. Create a user with this online role.
  3. Edit the role and make it offline.
  4. Log in with the user and observe they are treated as an online user: they have access to all documents and do not have the app available when they are offline.

Expected behavior

It should be clear that simply editing the role is not sufficient to change the behavior of users that are assigned to this role. An alternative would be to edit the users every time a role is changed.

Environment

Additional context

This came in through the forum: https://forum.communityhealthtoolkit.org/t/scope-report-viewing-to-specific-top-level-place/3092/9

dianabarsan commented 10 months ago

I don't believe this will be a straightforward "change so all users are edited when a role is changed" kind of situation. Changing a user from being online to being offline, and vice versa, while the user is logged in, will produce all sorts of unexpected, and potentially very damaging, results, so propagating the role change to users automatically can be seriously risky.

Not providing any indication that the users won't be affected by the role edit needs to change.

garethbowen commented 10 months ago

Yeah this sounds risky. The quick fix would be to block anyone switching, essentially forcing creating a new user. I'm not sure how common it would be to actually want to change an existing user...

dianabarsan commented 10 months ago

Oh, interesting idea. So switching a role's online status would disable all user logins that have this role? Because roles are likely changed through pushing config, instead of the admin UI (I think we don't even offer this switch as a UI option), we would need to have some sort of warning in cht-conf. If deployments use CI pipelines for config pushes, the warning can become ineffective.