Open roxy-dao opened 2 days ago
A few issues here!
Firstly the __typename error
If you don't have view assets
permission, you get a permission denied popup trying to edit a vaccine course:
No store_id check, so you can view demographics, even if view assets
is off for your store, as long as it is on for any store the user has access to... even stores not on this site!
https://github.com/msupply-foundation/open-msupply/blob/ef7d01f61170e5d56a712dab9c5b1c11b16a3ab0/server/graphql/demographic/src/lib.rs#L36-L49
Also, view assets
doesn't seem a particularly intuitive permission for this feature, and isn't mentioned in the docs 👀
I think 1 & 2 should probably go into 2.3, maybe 3 and 4 can be solved later... but will let triage team decide here 🙏
Triage, if 3 and 4 is not too much extra work i would suggest doing as part of this issue.
And we agree to other suggestions by Lache
If you don't have view assets permission, you get a permission denied popup trying to edit a vaccine course:
Target demographic renders no option instead of permission denied
Also don't think view assets is the best permission for demographics...
Whoever does this issue, can they please check demographic indicators aren't used anywhere else? Hoping view assets
was just put in in a rush before the edit central data
permission existed, and not because demographics need to be queried by non-central admin users?
What went wrong? 😲
If I have edit central data ticked, and now
View Assets
... I can add indicator but it doesn't show up on my list and the permission toast doesn't give much information about what permission the user doesn't have.A bit confused about whether the demographics needs the view assets permission?
Also getting a
Cannot read properties of undefined (reading '__typename')
errorhttps://github.com/user-attachments/assets/b75809e2-d1f8-4fdd-8fa4-27c7abca5e1a
Expected behaviour 🤔
How to Reproduce 🔨
Steps to reproduce the behaviour:
Your environment 🌱