Open kennsippell opened 5 months ago
Options:
_users/_security
doc to permit access to the user_manager
role. This also requires this update to couch.ini.cc @mrjones-plip for input. This could potentially block CHIS upgrades.
This could potentially block CHIS upgrades
thanks for the heads up! Let's see if the work around proposed in the ticket is viable and go from there.
I'll be keeping an eye out for updates!
Great to see the ddoc work around is deployed!
Note that https://github.com/medic/cht-core/issues/8877 is under way and will be released in CHT 4.7.0
Reactivating due to https://github.com/medic/cht-user-management/issues/115
@kennsippell - are you able to reproduce this in a dev environment? I wonder if using the new users API going to be released in 4.7 would be a solution? If you can reproduce it in a dev environment, then we could try using the branch images on 8877-lookup-single-user
to see if the new API fixes the timeout.
I know that the new API PR isn't final and there were maybe some performance concerns, but the build is green, so the images have published! If this does end up being a fix, then we'd be happy to do a FR to use in production which will take a lot less time than 4.7 proper.
cc @jkuester @m5r
@mrjones-plip Yep. We will try it out. https://github.com/medic/cht-user-management/issues/114 Means cht-user-management wont work with cht-core 4.4 to 4.6.
The two users APIs GET /api/v2/users/:username
and GET /api/v2/users?{facility_id,contact_id}=
have been merged to cht-core master and will be part of the 4.7.0 release
https://github.com/medic/cht-core/pull/9016 https://github.com/medic/cht-core/pull/8928
And their documentation is already out: https://docs.communityhealthtoolkit.org/apps/reference/api/#get-apiv2users https://docs.communityhealthtoolkit.org/apps/reference/api/#get-apiv2usersusername
@m5r That's great! Thanks.
There are 4 eCHIS Kenya instances running cht-core 4.4 or 4.5. I don't know how that happened, but I can't downgrade them to 4.3.1 to get them working with cht-user-management. And it is a bunch of work to get this working for those instances.
If we backport your changes to 4.6.x, then I will push to upgrade all eCHIS instances to 4.6.x instead of 4.3.1 in these tickets https://github.com/moh-kenya/config-echis-2.0/issues/2096. I can't guarantee an upgrade, but it is a shot at a very large number of cht-core upgrades (47+ instances and majority of CHT core users).
This tool needs to find a list of users by their
facility_id
. To "replace" an existing user, we need to find the users which are linked to a place. Currently, we do this with disableUsersByPlace but this isn't working for non-admin users.Three issues combine to make this issue quick sticky:
mm-online
role) get a 403 unauthorized when running the_users/_find
query currently in use. Access to the_users
database is for admins only after CHT 4.4's upgrade of CouchDB.GET /api/v2/users
API endpoint doesn't support looking up users by facility_id https://github.com/medic/cht-core/issues/8877/api/v2/users
to fetch all users and filter it in memory by facility_id https://github.com/medic/cht-core/issues/8689This blocks "replace user" scenarios for devolved user management. cc @freddieptf